[
https://issues.apache.org/jira/browse/OFBIZ-12028?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17209439#comment-17209439 ]
Jacques Le Roux commented on OFBIZ-12028:
-----------------------------------------
Oops, F12 "the browser's console" of course, I thought about OFBiz console/logs :/
This is only when you use locahost has server because we have a very simple embedded self signed certificate (see *.jks files and OFBIZ-9659). We recommend to use Letsencrypt for your servers.
BTW somehow related we also still use SHA-1 internally for some encoding,
We don't worry about that yet, see
https://markmail.org/message/vtwktynlecx7lczl and OFBIZ-9150
In case this can reassure you:
https://www.keylength.com/en/4/ , quoting:
bq. (2) SHA-1 has been demonstrated to provide less than 80 bits of security for digital signatures, which require collision resistance. In 2020, the security strength against digital signature collisions remains a subject of speculation.
I close as "not a problem"
> warning of sha-1
> ----------------
>
> Key: OFBIZ-12028
> URL:
https://issues.apache.org/jira/browse/OFBIZ-12028> Project: OFBiz
> Issue Type: Bug
> Components: ALL COMPONENTS
> Affects Versions: Trunk
> Reporter: Alex Bodnaru
> Priority: Major
>
> this warning is cluttering the console, potentially hiding more relevant warnings/errors.
> This site makes use of a SHA-1 Certificate; it’s recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1
> maybe some configuration will help choosing another algo?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
Locked
