[wp-meta] [Making WordPress.org] #632: Unknown message digest algorithm

Making WordPress.org noreply at wordpress.org
Wed Oct 1 16:40:06 UTC 2014


#632: Unknown message digest algorithm
--------------------------+-----------------
  Reporter:  johnbillion  |      Owner:
      Type:  defect       |     Status:  new
  Priority:  normal       |  Component:  SSL
Resolution:               |   Keywords:
--------------------------+-----------------

Comment (by Otto42):

 That error is caused by the server having an older version of curl (or the
 curl PHP library) with an outdated version of OpenSSH, which lacks support
 for certificates using the "sha256WithRSAEncryption" signature algorithm.

 The WordPress.org certificate uses sha256WithRSAEncryption.

 So, this is probably a wontfix. The user or host needs to update to a
 modern version of curl and openSSH. The use of SSH-1 is deprecated for
 certificates, and most CAs have moved on to not issue them anymore. By
 2016, there should be almost no certificates using it, so his version of
 curl/openSSH will stop working by then anyway.

 More to the point, even Google is trying to kill off SHA-1. So, it's bound
 to happen eventually. Everybody gotta upgrade.

 http://googleonlinesecurity.blogspot.com/2014/09/gradually-sunsetting-
 sha-1.html

--
Ticket URL: <https://meta.trac.wordpress.org/ticket/632#comment:1>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org


More information about the wp-meta mailing list