[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: SHA512



Dear Sampo,

thank you for your answer.
If possible SHA512 would be nice.

Best regards
Gerhard

-----Urspr|ngliche Nachricht-----
Von: sampo@xxxxxxxxx [mailto:sampo@xxxxxxxxx] 
Gesendet: Donnerstag, 05. Mdrz 2015 10:33
An: Gutschi Gerhard Alfred HCMS sIT
Cc: ZXID.User@xxxxxxxxxxxxx; sampo@xxxxxxxxx; Gruber Bernhard SAI sIT
Betreff: Re: SHA512

Gutschi Gerhard Alfred HCMS sIT <GerhardAlfred.Gutschi@xxxxxxxxxxxxxxxx> said:
> Dear Mr. Kellomdki,
> 
> I've got the following error from the ZXID lib.:
> 7510.ac8b7b70    zxsig.c:293 zxsig_validate       mas E chkuid: ssof: Unknown digest algo(http://www.w3.org/2001/04/xmlenc#sha512) in sref(#_CB7C74B93C61B7A766F4A15CCCC552B494A5076). Only SHA1 and MD5 are supported.
> 7510.ac8b7b70  zxidsso.c:423 zxid_sigres_map             mas E chkuid: ssof: Bad digest algo. 1
> 7510.ac8b7b70  zxidsso.c:732 zxid_sp_sso_finalize        mas E chkuid: ssof: Fail SSO due to failed signature sigres=1
> 7510.ac8b7b70  zxidsso.c:787 zxid_sp_sso_finalize        mas E chkuid: ssof: SSO fail (P)
> 
> The error told us, that our IdP-Server uses digest algorithmus: SHA512 which is not supported by ZXID.
> Does mod_auth_saml provide a configuration parameter to config the digest algo to SHA512?
> If not is it planned to implement the SHA512 algo to mod_auth_saml?

No configuration. Now that you bring it up, it may be time to add more algorithms and cipher suites. If you look at zxsig.c, you can see it is not very difficult, especially if OpenSSL already supports the algorithm.

Dear mainling list,

What algorithms and cipher suites would you like to see supported in the next release?

Cheers,
--Sampo

> Thank you for your help.
> 
> Best regards
> Gerhard Gutschi