SHA-1, SHA-2 (Google Chrome and Microsoft IE) and POODLE Issue
We are running MEG 7.6.2 on-box quarantine (no MQM)
We currently have SHA-1 SSL certificate from a third party (entrust.com).
End users access the box to release their email quarantine over the web.
Is MEG 7.6.2 compatibly with SHA-2? In another words, if I upgrade my SHA-1 SSL certificate to SHA-2 and import to the boxes would it work without any problem? Is the process of generate/import the SSL SHA2 the same as SHA-1 on the MEG?
Also we are concerned about the new exploit POODLE. Do you guys know how to avoid problems with POODLE attack? - (what a lame name!!! somebody should change the name from POODLE to SHARK attack )
Re: SHA-1, SHA-2 (Google Chrome and Microsoft IE) and POODLE Issue
I've got the following from McAfee support.
I am going to test it on the next couple of days.
Hope it helps
Currently the McAfee Email Gateway (MEG) only allows SHA-1 from the management console. On the command line the current version of openssl (1.0.1e-fips) actually defaults to using SHA-2 for signing requests.
Log on via SSH on the backend of the appliance.
1. First create a private key with the filename of privatekey.pem
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.