Google Chrome Weak Signature Algorithm Error
signed using a weak signature algorithm" when using a corporate proxy

Starred by 2 users
Reported by blaquewr...@gmail.com, Dec 16 2011
Status: WontFix
Owner: agl@chromium.org
Closed: Dec 2011
Cc: rsleevi@chromium.org, palmer@chromium.org
Components: Internals Internals>Network>SSL
NextAction: ----
OS: ----
Pri: 2
Type: Bug
Restrict-AddIssueComment-EditIssue M-18

Since build 5639 of chromium, I get SSL errors for any sites attempting to use SSL encryption. If I revert back to 5638 & clear out %userprofile%\Local Settings\Application Data\Chromium\User Data, it all works fine again.

http://build.chromium.org/f/chromium/snapshots/Win_Webkit_Latest/5639/
http://build.chromium.org/f/chromium/snapshots/Win_Webkit_Latest/5639/changelog.xml

Guessing it was this change,

When encountering certificates signed with md2/md4, make it a fatal error. When encountering certificates signed with md5, interstitial the page with an error about md5 being a weak signing algorithm. This excludes checking the signatures of root certificates (trust anchors), as their self-signed signatures are not relevant to the security of the chain.
R=wtc@chromium.org
BUG= 101123
Review URL: http://codereview.chromium.org/8374020

While the security improvement makes sense, is there any option to disable the check or is it just up to sites to update their cert signing?

Comment 1 by blaquewr...@gmail.com, Dec 16 2011
EDIT: Should have said certificate errors instead of SSL errors in description & attachments.

Comment 2 by mmenke@chromium.org, Dec 16 2011
Cc: rsleevi@chromium.org
Labels: -Area-Undefined Area-Internals Internals-Network-SSL

Comment 3 by agl@chromium.org, Dec 16 2011
Is there something special about your setup, i.e. a MITM proxy?
The patch certainly wasn't intended to break major sites and it doesn't cause problems for either https://www.google.com or https://www.facebook.com for me. If you click the padlock on the certificate error page, who does it say is signing the certificates for those sites?

Comment 4 by blaquewr...@gmail.com, Dec 16 2011
Certs are by Microdasys Root CA so it may be a proxy issue.

Comment 5 by agl@chromium.org, Dec 16 2011
Owner: agl@chromium.org
Status: Assigned
Ok, I'll try and contact Microdasys - thanks for the report. (I assume that you're on a corporate machine as private root CAs shouldn't w
http://superuser.com/questions/421224/the-sites-security-certificate-is-signed-using-a-weak-signature-algorithm-can

The site's security certificate is signed using a weak signature algorithm! can't access any HTTPS's site

I'm getting this error on any HTTPS page and can't even login here in SuperUser.com if I use chrome.

You attempted to reach www.facebook.com, but the server presented a certificate signed using a weak signature algorithm. This means that the security credentials the server presented could have been forged and the server may not be the server you expected (you may be communicating with an attacker). You should not proceed, especially if you have never seen this warning before for this site.

When you connect to a secure website, the server hosting that site presents your browser with something called a "certificate" to verify its identity. This certificate contains identity information, such as the address of the website, which is verified by a third party trusted by your computer. By checking that the address in the certificate matches the address of the website, it is possible to verify that you are securely communicating with the website that you intended and not a third party (such as an attacker on your network).
In this case, the server certificate or an intermediate CA certificate presented to your browser has been signed using a weak signature algorithm such as RSA-MD2. Recent research by computer scientists showed that the signature algorithm is weaker than prev
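
The change quoted in the bug report (md2/md4 fatal, md5 interstitial, the trust anchor's own signature ignored) and the warning text quoted in the question both depend on each certificate's signatureAlgorithm field. The sketch below is an added example, not Chromium's code: it reads that OID from DER with a minimal parser and applies the quoted policy to a chain given leaf first, trust anchor last. All function names are assumptions, and `stub_cert` builds constructed stand-ins with an empty tbsCertificate rather than real certificates.

```python
# Added illustration with constructed data; not Chromium's implementation.
PREFIX = bytes.fromhex("2a864886f70d0101")   # DER body of OID 1.2.840.113549.1.1
FATAL = {"1.2.840.113549.1.1.2", "1.2.840.113549.1.1.3"}   # md2/md4 with RSA
WARN = {"1.2.840.113549.1.1.4"}                            # md5 with RSA

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def decode_oid(body):
    """Dotted form of an OID body (first two arcs assumed to fit in one byte)."""
    first = min(body[0] // 40, 2)
    arcs, val = [first, body[0] - 40 * first], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear ends this arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def signature_oid(cert):
    """OID in Certificate.signatureAlgorithm, the field after tbsCertificate."""
    outer, start, _ = read_tlv(cert, 0)        # outer Certificate SEQUENCE
    _, _, tbs_end = read_tlv(cert, start)      # skip over tbsCertificate
    _, alg_start, _ = read_tlv(cert, tbs_end)  # AlgorithmIdentifier SEQUENCE
    tag, lo, hi = read_tlv(cert, alg_start)    # its first member, the OID
    if outer != 0x30 or tag != 0x06:
        raise ValueError("not a certificate-shaped DER structure")
    return decode_oid(cert[lo:hi])

def evaluate_chain(chain):
    """chain: DER certs, leaf first, trust anchor last -> 'fatal', 'interstitial', 'ok'."""
    oids = [signature_oid(c) for c in chain[:-1]]   # anchor's self-signature is skipped
    if any(o in FATAL for o in oids):
        return "fatal"
    return "interstitial" if any(o in WARN for o in oids) else "ok"

def stub_cert(last_arc):
    """Constructed stand-in: empty tbsCertificate, chosen algorithm, 1-byte signature."""
    der = lambda tag, body: bytes([tag, len(body)]) + body   # short-form lengths only
    alg = der(0x30, der(0x06, PREFIX + bytes([last_arc])) + b"\x05\x00")
    return der(0x30, der(0x30, b"") + alg + der(0x03, b"\x00"))
```

Here `stub_cert(4)` stands for an md5WithRSAEncryption signature and `stub_cert(11)` for sha256WithRSAEncryption. Under the quoted rule, a weak algorithm on the last element of the chain does not change the verdict.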