Description
When modern openssl is used (i.e OpenSSL 1.1.1f, which is default for ubuntu 20.04, for example), provided certificates are not accepted, because Sha1WithRSAEncryption signature is used, that is widely considered flaw. So certificates needs to be renewed (i.e. with sha256WithRSAEncryption signature)
Example error:
Connecting to 127.0.0.1:11110
140246535644992:error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak:../ssl/ssl_rsa.c:310:
Failed to connect :Can not set client certificate file for secure connection: path /home/ivandasch/ignite/modules/platforms/cpp/thin-client-test/config/ssl/client_full.pem
Affected ignite-odbc-tests and ignite-thin-client-tests
Attachments
Attachments
Issue Links
- links to