From b5486adc9bb335818e501b925544dcd6b3fd92e4 Mon Sep 17 00:00:00 2001 From: Marc Hoersken Date: Sat, 22 Feb 2014 16:48:15 +0100 Subject: [PATCH] stunnel: regenerated self-signed test certificate with SHA1 hash The previous test certificate contained a MD5 hash which is not supported using TLSv1.2 with Schannel on Windows 7 or newer. See the update to this blog post on IEInternals / MSDN: http://blogs.msdn.com/b/ieinternals/archive/2011/03/25/ misbehaving-https-servers-impair-tls-1.1-and-tls-1.2.aspx "Update: If the server negotiates a TLS1.2 connection with a Windows 7 or 8 schannel.dll-using client application, and it provides a certificate chain which uses the (weak) MD5 hash algorithm, the client will abort the connection (TCP/IP FIN) upon receipt of the certificate." --- tests/stunnel.pem | 72 +++++++++++++++++++++++------------------------ 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/tests/stunnel.pem b/tests/stunnel.pem index 6a3859b33..d9b9679eb 100644 --- a/tests/stunnel.pem +++ b/tests/stunnel.pem @@ -60,17 +60,17 @@ Certificate: Data: Version: 3 (0x2) Serial Number: - 09:c2:f9:ca:9a:d8 - Signature Algorithm: md5WithRSAEncryption + a4:17:70:09:88:8c:48:cd + Signature Algorithm: sha1WithRSAEncryption Issuer: C=SE, ST=Solna, L=Mooo, O=Haxx, OU=Coolx, CN=storbror, CN=localhost Validity - Not Before: Jan 5 11:25:13 2004 GMT - Not After : Feb 13 11:25:13 2008 GMT + Not Before: Feb 22 15:38:48 2014 GMT + Not After : Feb 20 15:38:48 2024 GMT Subject: C=SE, ST=Solna, L=Mooo, O=Haxx, OU=Coolx, CN=storbror, CN=localhost Subject Public Key Info: Public Key Algorithm: rsaEncryption - RSA Public Key: (1234 bit) - Modulus (1234 bit): + Public-Key: (1234 bit) + Modulus: 03:59:37:ea:06:ea:f2:7c:0c:0c:de:f8:5b:ce:29: 24:b8:f5:7e:31:18:cc:40:2e:12:91:2e:14:10:6f: ba:af:33:ee:c1:70:c8:11:bf:e4:4a:c6:45:fb:48: @@ -104,37 +104,37 @@ Certificate: Authority Information Access: ad dvcs - URI:https://localhost:8433/509 - Signature Algorithm: md5WithRSAEncryption - 02:47:57:18:5f:54:3f:1d:29:0a:05:7a:d1:0f:e6:b9:2c:8b: - 29:38:50:bf:c1:a1:7f:73:4a:9d:f1:1b:bf:2e:ea:87:91:dd: - ff:75:73:57:78:cf:75:52:57:0b:5b:bb:d4:77:b2:dd:e8:0c: - 06:ce:1b:c0:3d:9f:68:c0:0b:66:b8:f9:46:db:04:a9:2f:a3: - 5e:9c:c6:70:ff:1d:af:1f:17:9c:38:3d:12:aa:af:7b:72:44: - a0:44:41:6b:9a:9b:60:8c:50:94:f1:d7:a5:77:6b:d3:0e:66: - 88:a1:52:63:23:f6:66:a6:ea:f9:d0:df:4d:8a:14:f0:73:c6: - b6:b6:b6:68:4f:3d:9a:b6:31:ba:19:f3:66:9f:16:6d:87:64: - 32:53:d2:90:e5:8c:1e:f5:18:61:1a + Signature Algorithm: sha1WithRSAEncryption + 00:45:db:09:5b:08:5b:1a:ff:71:50:6c:12:ad:8e:78:32:1d: + 7d:e7:e4:d3:3e:5f:ca:20:84:aa:ff:9a:c2:b6:a9:48:93:1f: + 73:27:d1:68:05:76:36:f9:c1:53:90:ad:8a:c0:b3:12:c8:11: + 5c:2c:65:01:ac:31:d1:8e:60:6e:c6:f5:ba:9d:69:e8:f1:ac: + 4a:de:52:94:cd:06:24:45:72:64:89:0f:57:8b:26:2b:16:cf: + 0b:27:c4:e8:73:c7:d3:e5:42:38:95:57:b5:bb:83:b4:92:d4: + e0:cd:fb:c8:f5:d2:da:1d:11:fe:3c:18:20:8b:bd:22:31:1c: + 5a:82:d4:f5:71:8d:8a:e3:13:82:c5:2d:f3:9f:d0:b7:b8:4b: + d2:46:9d:8e:1a:d7:99:6e:c1:b9:a0 -----BEGIN CERTIFICATE----- -MIIDujCCAwigAwIBAgIGCcMA3QkhMA0GCSqGSIb3DQEBBAUAMHIxCzAJBgNVBAYT -AlNFMQ4wDAYDVQQIEwVTb2xuYTENMAsGA1UEBxMETW9vbzENMAsGA1UEChMESGF4 -eDEOMAwGA1UECxMFQ29vbHgxETAPBgNVBAMTCHN0b3Jicm9yMRIwEAYDVQQDEwls -b2NhbGhvc3QwHhcNMDQwMTA1MTQ0MjU2WhcNMDgwMjEzMTQ0MjU2WjByMQswCQYD -VQQGEwJTRTEOMAwGA1UECBMFU29sbmExDTALBgNVBAcTBE1vb28xDTALBgNVBAoT -BEhheHgxDjAMBgNVBAsTBUNvb2x4MREwDwYDVQQDEwhzdG9yYnJvcjESMBAGA1UE -AxMJbG9jYWxob3N0MIG5MA0GCSqGSIb3DQEBAQUAA4GnADCBowKBmwNZN+oG6vJ8 -DAze+FvOKSS49X4xGMxALhKRLhQQb7qvM+7BcMgRv+RKxkX7SNgcxKPLcIHf7QQ6 -DBIlLXuAuVHQtWW9b06q64kBElkEwh6gP5Ia9JrRysGbu2U6NRP+xBU33dVwZjF0 -7ocN9Pp392W4VxEc+g3+FkRzUEaahDGOabmjgKuqDdlKdZLzgJj7+9sEKpb7+FdG -56rZAgMBAAGjggEkMIIBIDARBglghkgBhvhCAQEEBAMCBkAwMwYJYIZIAYb4QgEN -BCYWJENVUkwgc3R1bm5lbCBzZXJ2ZXIgdGVzdCBjZXJ0aWZpY2F0ZTALBgNVHQ8E -BAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCQYDVR0TBAIwADAdBgNVHQ4EFgQU -NXc1O5uYPLbHmueoBLl8cK36N6kwNgYIKwYBBQUHAQsEKjAoMCYGCCsGAQUFBzAE -hhpodHRwczovL2xvY2FsaG9zdDo4NDMzLzUwOTA2BggrBgEFBQcBAQQqMCgwJgYI -KwYBBQUHMASGGmh0dHBzOi8vbG9jYWxob3N0Ojg0MzMvNTA5MBoGA1UdEQQTMBGH -BH8AAAGCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQQFAAOBnAAAIHkvI0V6padfc8Lv -onuNqBwCMIg4SugCslkN597Yb8ZDEAUe3ArkOvzAHUngsD5D0gfbKblKP/P0bN6Y -Ft896NmH4QFsDAetZcCFf24AM4DbUQo5jtG+dkanI/7IxxNYJ1PQ64/yscdQFvHW -xhIX3Q6FqABjcN5nc80Rog+b6eS8QRX1BRnQqbGtocuptUgW5mWsSb+DR6pZbA== +MIIDtzCCAwWgAwIBAgIJAKQXcAmIjEjNMA0GCSqGSIb3DQEBBQUAMHIxCzAJBgNV +BAYTAlNFMQ4wDAYDVQQIEwVTb2xuYTENMAsGA1UEBxMETW9vbzENMAsGA1UEChME +SGF4eDEOMAwGA1UECxMFQ29vbHgxETAPBgNVBAMTCHN0b3Jicm9yMRIwEAYDVQQD +Ewlsb2NhbGhvc3QwHhcNMTQwMjIyMTUzODQ4WhcNMjQwMjIwMTUzODQ4WjByMQsw +CQYDVQQGEwJTRTEOMAwGA1UECBMFU29sbmExDTALBgNVBAcTBE1vb28xDTALBgNV +BAoTBEhheHgxDjAMBgNVBAsTBUNvb2x4MREwDwYDVQQDEwhzdG9yYnJvcjESMBAG +A1UEAxMJbG9jYWxob3N0MIG5MA0GCSqGSIb3DQEBAQUAA4GnADCBowKBmwNZN+oG +6vJ8DAze+FvOKSS49X4xGMxALhKRLhQQb7qvM+7BcMgRv+RKxkX7SNgcxKPLcIHf +7QQ6DBIlLXuAuVHQtWW9b06q64kBElkEwh6gP5Ia9JrRysGbu2U6NRP+xBU33dVw +ZjF07ocN9Pp392W4VxEc+g3+FkRzUEaahDGOabmjgKuqDdlKdZLzgJj7+9sEKpb7 ++FdG56rZAgMBAAGjggEeMIIBGjAUBgNVHREEDTALgglsb2NhbGhvc3QwEQYJYIZI +AYb4QgEBBAQDAgZAMDMGCWCGSAGG+EIBDQQmFiRDVVJMIHN0dW5uZWwgc2VydmVy +IHRlc3QgY2VydGlmaWNhdGUwCwYDVR0PBAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUF +BwMBMAkGA1UdEwQCMAAwHQYDVR0OBBYEFDV3NTubmDy2x5rnqAS5fHCt+jepMDYG +CCsGAQUFBwELBCowKDAmBggrBgEFBQcwBIYaaHR0cHM6Ly9sb2NhbGhvc3Q6ODQz +My81MDkwNgYIKwYBBQUHAQEEKjAoMCYGCCsGAQUFBzAEhhpodHRwczovL2xvY2Fs +aG9zdDo4NDMzLzUwOTANBgkqhkiG9w0BAQUFAAOBnAAARdsJWwhbGv9xUGwSrY54 +Mh195+TTPl/KIISq/5rCtqlIkx9zJ9FoBXY2+cFTkK2KwLMSyBFcLGUBrDHRjmBu +xvW6nWno8axK3lKUzQYkRXJkiQ9XiyYrFs8LJ8Toc8fT5UI4lVe1u4O0ktTgzfvI +9dLaHRH+PBggi70iMRxagtT1cY2K4xOCxS3zn9C3uEvSRp2OGteZbsG5oA== -----END CERTIFICATE----- -----BEGIN DH PARAMETERS----- MIGHAoGBAMq/KFGh2oy16WzkFs1U71Uz7dIEKvSYfc+zo439pYyVzcD8MkcC15Zb