Opened 8 months ago

Closed 8 months ago

#1593 closed defect (fixed)

sge_ca should use sha256 signatures by default

Reported by: tourist Owned by:
Priority: normal Milestone:
Component: sge Version: 8.1.9
Severity: minor Keywords: csp sge_ca
Cc: jlb@…

Description

Current versions of openssl (e.g. the one in RHEL/CentOS 7) have deprecated older, less secure signature algorithms. This includes md5, which is used by default by sge_ca when running in CSP mode. The result of this is hard-to-diagnose failures when trying to run in CSP mode on such a distribution. Examples include sge_qmaster failing to start on CentOS 7, and a CentOS 7 submit host failing when trying to talk to a CentOS 6 queue master.

Changing the default signature algorithm to sha256 seems to entirely resolve this issue.

Change History (1)

comment:1 Changed 8 months ago by dlove

  • Resolution set to fixed
  • Status changed from new to closed

This was fixed by [4928]

Note: See TracTickets for help on using tickets.