Hello, comrades. Our security vulnerabilitiy scanner has flagged my OCI servers with a vulnerability related to SSL and SHA-1 hashing. The remediation measure prescribed is to stop using a SHA-1 hashed certificate, and use one hashed with SHA-256 instead.
I'm currently running 7.0.1, but I've scheduled an upgrade to 7.1 in the next few weeks for reasons unrelated to SSL. I sort of hope this upgrade (and a subsequent switching-off of SSLv3 and switching-on of TLS on the filer) will automagically sort out my SHA-1 vulnerability as well. What does the community think? Wishful thinking?
Matt, this is super helpful, and I'll definitely need to bookmark this for when we actually get 7.1 installed. The OCI client is really only used by a handful of people, and can only be gotten-to in one of two ways, so I bet I could control the Java environment around it (hashtag Famous Last Words).
From one liberal arts undergraduate to another, I thank you.