Level 8

SHA-1, SHA-2 (Google Chrome and Microsoft IE) and POODLE Issue

Greetings everyone,

We are running MEG 7.6.2 on-box quarantine (no MQM)

We currently have SHA-1 SSL certificate from a third party (

End users access the box to release their email quarantine over the web.

Is MEG 7.6.2 compatible with SHA-2? In other words, if I upgrade my SHA-1 SSL certificate to SHA-2 and import it to the boxes, would it work without any problem? Is the process of generating/importing the SSL SHA2 the same as SHA-1 on the MEG?

Also, we are concerned about the new exploit POODLE. Do you guys know how to avoid problems with the POODLE attack? - (what a lame name!!! somebody should change the name from POODLE to SHARK attack)

Thanks in advance

0 Kudos
2 Replies
McAfee Employee

Re: SHA-1, SHA-2 (Google Chrome and Microsoft IE) and POODLE Issue

Here is the information about POODLE for all McAfee Products -

As for the SHA2 - We’ll have no problems verifying a certificate signature that uses SHA-256 or better as the hashing algorithm.

0 Kudos
Level 8

Re: SHA-1, SHA-2 (Google Chrome and Microsoft IE) and POODLE Issue

Hi Ryan,

I've got the following from McAfee support.

I am going to test it in the next couple of days.

Hope it helps


Currently the McAfee Email Gateway (MEG) only allows SHA-1 from the management console. On the command line the current version of openssl (1.0.1e-fips) actually defaults to using SHA-2 for signing requests.

Log on via SSH on the backend of the appliance.

1. First create a private key with the filename of privatekey.pem

For 7.0.x

openssl genrsa -out privatekey.pem 2048

For 7.5.x/7.6.x

openssl genpkey -algorithm RSA -out privatekey.pem -pkeyopt rsa_keygen_bits:2048

2. Use the private key to create a CSR with the filename of sha256.csr

Note: It would probably be best to limit it to sha256

openssl req -new -sha256 -nodes -key privatekey.pem -out sha256.csr

3. To verify, you can run this command

$ openssl req -noout -text -in sha256.csr | grep -E "Signature|Public-Key"

Public-Key: (2048 bit)

Signature Algorithm: sha256WithRSAEncryption

You are specifically looking for the line “Signature Algorithm: sha256Wit


0 Kudos
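The verification in step 3 of the post above, turned into a pass/fail check to run before a CSR goes to the CA. This is an added example, not part of the original thread or of McAfee's instructions; the function names, the SHA-2 allow-list and the 2048-bit default minimum are assumptions made for this example.

```shell
#!/bin/sh
# Added example: gate a CSR on its signature hash and RSA key size.
# Usage (file name from step 2 above): sh <this script> sha256.csr [min_bits]

# Print the CSR's signature algorithm, e.g. sha256WithRSAEncryption.
csr_sig_alg() {
    openssl req -noout -text -in "$1" |
        awk -F': *' '/Signature Algorithm/ {print $2; exit}'
}

# Print the CSR's public key size in bits.
csr_key_bits() {
    openssl req -noout -text -in "$1" |
        sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit).*/\1/p' | head -n 1
}

# Succeed only for SHA-2 family signature names (assumed allow-list).
# SHA-1, MD5 and anything unrecognised fail closed.
is_sha2_sig() {
    case "$1" in
        sha224With*|sha256With*|sha384With*|sha512With*) return 0 ;;
        *) return 1 ;;
    esac
}

# Full check: self-signature verifies, hash is SHA-2, key is large enough.
check_csr() {
    csr=$1
    min_bits=${2:-2048}
    # Match on the message text because older openssl builds exit 0
    # even when the self-signature does not verify.
    if ! openssl req -noout -verify -in "$csr" 2>&1 | grep -q 'verify OK'; then
        echo "FAIL: CSR self-signature does not verify"; return 1
    fi
    alg=$(csr_sig_alg "$csr")
    bits=$(csr_key_bits "$csr")
    if ! is_sha2_sig "$alg"; then
        echo "FAIL: signature algorithm is '$alg', expected SHA-2"; return 1
    fi
    if [ "${bits:-0}" -lt "$min_bits" ]; then
        echo "FAIL: key is ${bits:-unknown} bits, need at least $min_bits"; return 1
    fi
    echo "OK: $alg, $bits-bit key"
}

if [ "$#" -gt 0 ]; then check_csr "$@"; fi
```

The hash named in the CSR only covers the request's own signature; the issued certificate's signature algorithm is chosen by the CA, so it is worth inspecting the returned certificate with `openssl x509 -noout -text` as well.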