From d5ffd9ddd6edd21e190bb61547c835892e917a6c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A9ter=20Dimitrov?= <peterdmv@erlang.org>
Date: Wed, 3 Oct 2018 13:33:39 +0200
Subject: eldap: Update default hash algorithm in FT

Update default hash algorithm (md5 -> sha1) used for generating
the server and CA certificates.

Default support for md5 has been removed for TLS 1.2 and OTP-15248
introduced a check for the whole {hash, signature} algorithm pair
as defined by RFC5246.

Change-Id: I964914914f522c10ef11c8c7c72bb9e4a0c38010
---
 lib/eldap/test/make_certs.erl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'lib/eldap')

diff --git a/lib/eldap/test/make_certs.erl b/lib/eldap/test/make_certs.erl
index cfa43289e1..e8a13ae113 100644
--- a/lib/eldap/test/make_certs.erl
+++ b/lib/eldap/test/make_certs.erl
@@ -348,7 +348,7 @@ req_cnf(C) ->
      "default_bits	= ", integer_to_list(C#config.default_bits), "\n"
      "RANDFILE		= $ROOTDIR/RAND\n"
      "encrypt_key	= no\n"
-     "default_md	= md5\n"
+     "default_md	= sha1\n"
      "#string_mask	= pkix\n"
      "x509_extensions	= ca_ext\n"
      "prompt		= no\n"
@@ -394,7 +394,7 @@ ca_cnf(C) ->
      ["crl_extensions = crl_ext\n" || C#config.v2_crls],
      "unique_subject  = no\n"
      "default_days	= 3600\n"
-     "default_md	= md5\n"
+     "default_md	= sha1\n"
      "preserve	        = no\n"
      "policy		= policy_match\n"
      "\n"
-- 
cgit v1.2.3