dotnet / runtime

.NET is a cross-platform runtime for cloud, mobile, desktop, and IoT apps.
https://docs.microsoft.com/dotnet/core/
MIT License

Make crypto tests resilient to Azure Linux OpenSSL #106489

Closed richlander closed 4 days ago

richlander commented 1 month ago

Context: https://github.com/dotnet/runtime/pull/106330#issuecomment-2291831508

dotnet-policy-service[bot] commented 1 month ago

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones

See info in area-owners.md if you want to be subscribed.

richlander commented 1 month ago

Note that we'll need to do this in .NET 8, 9, and main branches. We should have a conversation on whether this makes sense to backport to .NET 6. .NET 6 is supported on Azure Linux 3.0. I had been intending on adding this helix image to the .NET 6 branch.

bartonjs commented 1 month ago

There aren't any product changes anticipated here. The underlying library says "thou shalt not do RSA signatures with MD5" (or MD4, etc), and we're just going to accept that.

All we're going to do is make the tests tolerate it.

Given that there are only 3 patch updates left for 6, I don't think it makes any sense to port test-only changes there, or turn on a new OS in the test matrix.

vcsjones commented 1 month ago

Also, to set some expectations, there are a considerable number of things broken besides RSA+MD5 (see attached log with full results). It's going to take time to work through these, and not all of them will be fixed by OPENSSL_ENABLE_MD5_VERIFY; in fact, most won't.

console.c079ebb9.log

vcsjones commented 4 weeks ago

As a condition to considering this issue complete, we need to remember to undo this change:

https://github.com/dotnet/dotnet-buildtools-prereqs-docker/pull/1177/files#diff-829f3ba91af430a8bbd05b4fc16a6f26cd1b26d912d502c1df6c0e42beb01f04R87

vcsjones commented 4 days ago

This is complete and all backports are merged, so I think this can be closed.

Please re-open if there are still any outstanding issues to address.