8964aebbfb
otherwise it is treated as insecure. The RSAMD5 algorithm is deprecated (RFC6725). The MD5 hash is considered weak for some purposes, if you want to sign your zone, then RSASHA256 is an uncontested hash. git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2760 be551aaa-1e26-0410-a405-d3ace91eadb9
23 lines
542 B
Diff
23 lines
542 B
Diff
Index: validator/val_secalgo.c
|
|
===================================================================
|
|
--- validator/val_secalgo.c (revision 2759)
|
|
+++ validator/val_secalgo.c (working copy)
|
|
@@ -153,7 +153,7 @@
|
|
switch(id) {
|
|
case LDNS_RSAMD5:
|
|
/* RFC 6725 deprecates RSAMD5 */
|
|
- return 0;
|
|
+ return 1;
|
|
case LDNS_DSA:
|
|
case LDNS_DSA_NSEC3:
|
|
case LDNS_RSASHA1:
|
|
@@ -617,7 +617,7 @@
|
|
switch(id) {
|
|
case LDNS_RSAMD5:
|
|
/* RFC 6725 deprecates RSAMD5 */
|
|
- return 0;
|
|
+ return 1;
|
|
case LDNS_DSA:
|
|
case LDNS_DSA_NSEC3:
|
|
case LDNS_RSASHA1:
|