We are running MEG 7.6.2 with on-box quarantine (no MQM).
We currently have a SHA-1 SSL certificate from a third party (entrust.com).
End users access the box to release their email quarantine over the web.
Is MEG 7.6.2 compatible with SHA-2? In other words, if I upgrade my SHA-1 SSL certificate to SHA-2 and import it to the boxes, would it work without any problem? Is the process of generating/importing the SHA-2 SSL certificate the same as for SHA-1 on the MEG?
Also, we are concerned about the new exploit POODLE. Do you guys know how to avoid problems with the POODLE attack? (What a lame name!!! Somebody should change the name from POODLE to SHARK attack.)
Thanks in advance
Here is the information about POODLE for all McAfee Products - https://kc.mcafee.com/agent/index?page=content&id=SB10090
As for the SHA2 - We’ll have no problems verifying a certificate signature that uses SHA-256 or better as the hashing algorithm.
I've got the following from McAfee support.
I am going to test it in the next couple of days.
Hope it helps
Currently the McAfee Email Gateway (MEG) only allows SHA-1 from the management console. On the command line the current version of openssl (1.0.1e-fips) actually defaults to using SHA-2 for signing requests.
Log on via SSH on the backend of the appliance.
1. First create a private key with the filename of privatekey.pem
openssl genrsa -out privatekey.pem 2048
openssl genpkey -algorithm RSA -out privatekey.pem -pkeyopt rsa_keygen_bits:2048
2. Use the private key to create a CSR with the filename of sha256.csr
Note: It would probably be best to limit it to sha256
openssl req -new -sha256 -nodes -key privatekey.pem -out sha256.csr
3. To verify, you can run this command
$ openssl req -noout -text -in sha256.csr | grep -E "Signature|Public-Key"
Public-Key: (2048 bit)
Signature Algorithm: sha256WithRSAEncryption
You are specifically looking for the line “Signature Algorithm: sha256Wit