Re: Identifying any uses of the SHA-1 hashing algorithm

guenterw · ‎2017-04-26

How can I identify if SHA-1 is being used for the following?

- OCUM/OPM 7.2

- DFM 5.0 & 5.2

- API Services 1.2

- WFA 2.1

Is there another place to look besides the “fingerprint?” As you can see from the GUI picture and the CLI output below, both show SHA1 for the fingerprint. The same is true on the OCUM servers.

What about the web certs for DFM/API/7mTT/WFA? Is there any concern with SHA-1 hashing for HTTPS?

It sounds like there shouldn’t be any SHA-1 usage in any of these products, but I would like to make sure.

Any help would be greatly appreciated.

ag · ‎2017-05-08

WFA current releases uses SHA-1 which has been deprecated. This is a known issue and will be fixed in the upcoming release. Only secure and recommended ciphers will be used in the upcoming release. Please let me know if this is a serious concern and you require a workaround to use secure ciphers.

Identifying any uses of the SHA-1 hashing algorithm

Changing controller identifier

StorageGRID S3 bucket - checksum algorithm for upload?

Vulnerability:SSH Weak Key Exchange Algorithms Enabled

HCI IPMI Weak MAC Algorithms

Identify ONTAP LUN on Windows host