SOLVED SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)

clearchaos

Member
Dec 24, 2008
10
1
53
Hi,

My server is failing a PCI scan on a few ports with:

"SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)" - CVE-2004-2761 BID : 33065, 11849 Other references { cert : 836068, osvdb : 45127, 45106, 45108, cwe : 310 }

The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.

|-Subject : C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
|-Signature Algorithm : SHA-1 With RSA Encryption
|-Valid From : May 30 10:48:38 2000 GMT
|-Valid To : May 30 10:48:38 2020 GMT

I've reissued the server certificate but to no avail. Google is taking me around in circles and I'm not finding the answer. Can anyone offer any advice?

Thanks.
 

rpvw

Well-Known Member
Jul 18, 2013
1,100
475
113
UK
cPanel Access Level
Root Administrator
This thread at Expert Exchange might be useful to you.

It rather looks like you will need to get a new certificate, and you may need to consider moving to a different CA who uses acceptable algorithms in their certificate chain.

Following information is from the Cryptographic Storage Cheat Sheet - OWASP
Only use approved public algorithms such as AES, RSA public key cryptography, and SHA-256 or better for hashing. Do not use weak algorithms, such as MD5 or SHA1.

If the information that you posted is correct.......
|-Subject : C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
|-Signature Algorithm : SHA-1 With RSA Encryption
|-Valid From : May 30 10:48:38 2000 GMT
|-Valid To : May 30 10:48:38 2020 GMT
........this certificate was generated in the year 2000 and has not been considered secure since 2005, and many browsers and organisations have stopped accepting it since 2017.

Further reading from :
https://blog.qualys.com/ssllabs/2014/09/09/sha1-deprecation-what-you-need-to-know
Google Online Security Blog: Gradually sunsetting SHA-1
 

clearchaos

Thanks for your reply, it's very much appreciated.

I understand why sha1 has to go, but it seems like the root certificate in the chain is the problem here, is that right? It's the only place I can find reference to sha1 in an ssllabs scan. The ssllabs report shows two paths, the first is OK, but the second has the entry shown below - should there even be two paths?

4 In trust store AddTrust External CA Root Self-signed
Fingerprint SHA256: 687f[REMOVED]d2ff2
Pin SHA256: lCppFqbkrlJ3[REMOVED]EUk7tEU=
RSA 2048 bits (e 65537) / SHA1withRSA
Weak or insecure signature, but no impact on root certificate

The certificate on the site is cPanel generated (autossl).
PCI scans have been fine up until this month.
 

rpvw

This is very strange. I never noticed it before as I don't try and get PCI compliance.

I just ran one of my sites AutoSSL through ssllabs and got exactly the same result as you did.

Perhaps someone at cPanel will enlighten us. o_O
 

clearchaos

Thanks again.

At least it's (probably) not down to config on my server if you can also replicate the issue.

Fingers crossed a cPanel sage will help :)
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,261
463

clearchaos

Hi - just a quick update on this. I eventually raised this as a "false positive" with the following statement:

I believe this to be a false positive as SHA-1 is only used on the root certificate. According to Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm, SHA-1-based signatures for trusted root certificates are not a problem because TLS clients trust them by their identity, rather than by the signature of their hash (ref: Google Online Security Blog: Gradually sunsetting SHA-1).

This was accepted by the scanning company.

Thanks for your help.
 
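The distinction the accepted false-positive statement relies on, a weak hash on a self-signed root versus a weak hash on a certificate issued by another CA, can be checked mechanically. The following is an added example, not code from the thread or from cPanel: `read_tlv`, `cert_fields`, `triage`, `fake_cert` and the constructed `SAMPLE_CHAIN` are this example's own names. It assumes that byte-identical issuer and subject names mark a self-signed root; whether that root is actually a trust anchor still depends on the client's trust store.

```python
SHA1_RSA = bytes.fromhex("2a864886f70d010105")    # OID sha1WithRSAEncryption, DER-encoded
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")  # OID sha256WithRSAEncryption
WEAK = {SHA1_RSA: "SHA-1", bytes.fromhex("2a864886f70d010104"): "MD5"}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def cert_fields(der):
    """Return (signature OID, raw issuer Name, raw subject Name) of a DER certificate."""
    _, cert_start, _ = read_tlv(der, 0)             # Certificate SEQUENCE
    _, pos, tbs_end = read_tlv(der, cert_start)     # tbsCertificate
    _, alg_start, _ = read_tlv(der, tbs_end)        # outer signatureAlgorithm
    _, oid_start, oid_end = read_tlv(der, alg_start)
    tag, _, end = read_tlv(der, pos)
    pos = end if tag == 0xA0 else pos               # skip the optional [0] version
    parts = []
    for _ in range(5):                              # serial, signature, issuer, validity, subject
        _, _, end = read_tlv(der, pos)
        parts.append(der[pos:end])
        pos = end
    return der[oid_start:oid_end], parts[2], parts[4]

def triage(chain):
    """One verdict per DER certificate in the chain the server sends."""
    verdicts = []
    for der in chain:
        oid, issuer, subject = cert_fields(der)
        # A self-issued root is trusted via the trust store; other certs via this signature.
        where = "self-signed root: informational" if issuer == subject else "issued certificate: reissue"
        verdicts.append(WEAK[oid] + " on " + where if oid in WEAK else "ok")
    return verdicts

# Constructed sample data: minimal certificate-shaped DER with dummy validity and signature.
def tlv(tag, body):
    return bytes([tag]) + (bytes([len(body)]) if len(body) < 128 else bytes([0x81, len(body)])) + body

def fake_cert(subject, issuer, sig_oid):
    name = lambda cn: tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn.encode()))))
    alg = tlv(0x30, tlv(0x06, sig_oid) + b"\x05\x00")
    tbs = tlv(0x30, tlv(0xA0, b"\x02\x01\x02") + b"\x02\x01\x01" + alg + name(issuer) + tlv(0x30, b"") + name(subject))
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00"))

SAMPLE_CHAIN = [fake_cert("www.example.test", "Example Intermediate CA", SHA256_RSA),
                fake_cert("Example Intermediate CA", "Example Root CA", SHA256_RSA),
                fake_cert("Example Root CA", "Example Root CA", SHA1_RSA)]
```

For a real chain, convert each PEM certificate with Python's `ssl.PEM_cert_to_DER_cert` and pass the resulting list to `triage`.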