RStudio on Red Hat 9 fails to create connection to Connect account due to SHA-1 deprecation

[ronblum]

RStudio Desktop on Red Hat 9 is failing to create a connection to Posit Connect via the Publishing UI. Red Hat 9 has deprecated SHA-1 and doesn't allow it by default. As a result, when I try to connect to an account, the following message is repeated and in the end the connection fails.

Error in hash_sign(md, sk) : 
  OpenSSL error: 40F90A80E87F0000:error:03000098:digital envelope routines:evp_pkey_ctx_set_md:invalid digest:crypto/evp/pmeth_lib.c:961:

Two workarounds: 1) Allow SHA-1 on Red Hat 9 with update-crypto-policies --set LEGACY which is Red Hat's suggestion in their blog. They discourage this, though. 2) Connect programmatically with rsconnect::connectApiUser https://rstudio.github.io/rsconnect/reference/connectApiUser.html

[gbenuola]

Ticket ref: 89425

[npelikan]

Third workaround (customer reported): setting OPENSSL_ENABLE_SHA1_SIGNATURES=1 as an envvar resolves this error.

[samcofer]

Ticket reference: https://rstudioide.zendesk.com/agent/tickets/101892

[christierney]

https://rstudioide.zendesk.com/agent/tickets/101890

[tomdewar]

Same problem experienced for a client of mine with newly installed Workbench + Connect running on RHEL9 servers. Problem has been going on for weeks. http://support.posit.co/hc/requests/100898

I tried the suggestion of setting OPENSSL_ENABLE_SHA1_SIGNATURES=1 as an env on both servers first. This did not work.

I then followed the linked-to RHEL workaround and ran update-crypto-policies --set DEFAULT:SHA1 and this did work. 🎉