Subscribe

Identifying any uses of the SHA-1 hashing algorithm

How can I identify if SHA-1 is being used for the following?

 

- OCUM/OPM 7.2

- DFM 5.0 & 5.2

- API Services 1.2

- WFA 2.1

 

Is there another place to look besides the “fingerprint?” As you can see from the GUI picture and the CLI output below, both show SHA1 for the fingerprint. The same is true on the OCUM servers.

 

AltaVault cert.jpg

OCUM cert.jpg

What about the web certs for DFM/API/7mTT/WFA? Is there any concern with SHA-1 hashing for HTTPS?

 

It sounds like there shouldn’t be any SHA-1 usage in any of these products, but I would like to make sure.

 

Any help would be greatly appreciated.

Frequent Contributor

Re: Identifying any uses of the SHA-1 hashing algorithm

WFA current releases uses SHA-1 which has been deprecated. This is a known issue and will be fixed in the upcoming release. Only secure and recommended ciphers will be used in the upcoming release. Please let me know if this is a serious concern and you require a workaround to use secure ciphers.