Shibboleth 2.5.1 blacklist of RSA 1.5

Cantor, Scott cantor.2 at
Tue Jan 29 13:03:58 EST 2013

On 1/29/13 12:52 PM, "praveen" <praveen.pinto at> wrote:

>Here was the part of the log that first led me to believe the customer
>rsa 1.5, and led me down the path ..

I'm not saying somebody's not trying to use it, I'm saying that's not a
justification for compromising your key. The encryption you can punt,
that's fine, but do NOT use a single key pair for both functions if you
turn on 1.5. At least then only the encryption key is vulnerable.

-- Scott

More information about the users mailing list