Enable SHA-1 signatures in OpenSSL on Red Hat Enterprise Linux 10

Solution Verified - Updated

Environment

Red Hat Enterprise Linux 10
OpenSSL

Issue

Red Hat Enterprise Linux (RHEL) 10 has disabled the creation and verification of signatures that use the SHA-1 digest in OpenSSL by default. SHA-1 is considered insecure (sha-mbles.github.io).

You can re-enable support for SHA-1 to ensure compatibility with legacy software and hardware that does not support newer digest algorithms.

Resolution

SHA-1 can be used in different contexts. Instructions to re-enable support for SHA-1 differ depending on whether it is required in TLS, or for other protocols that use OpenSSL.

Use outside of TLS (Kerberos, DNSSEC, …)

To re-enable SHA-1 signatures in a non-TLS context, create a new file /etc/pki/tls/openssl-sha1.cnf with the following content:

.include /etc/ssl/openssl.cnf
[evp_properties]
rh-allow-sha1-signatures = yes

Use in applications

Next, set the OPENSSL_CONF environment variable to /etc/pki/tls/openssl-sha1.cnf for the application or service that requires SHA-1 signatures. For applications, you can do this on the command line:

$ OPENSSL_CONF=/etc/pki/tls/openssl-sha1.cnf <your-application>

Use in services

For systemd services, create a systemd override file for the particular service using systemctl edit. For example, for unbound.service, run systemctl edit unbound.service and, in the editor that opens, add:

[Service]
Environment=OPENSSL_CONF=/etc/pki/tls/openssl-sha1.cnf

Save and close the file, then restart the service using systemctl restart. Finally, check that the environment variable is set in the running service:

# tr '\0' '\n' </proc/"$(systemctl show --property MainPID --value <servicename>)"/environ | grep OPENSSL_CONF

Allow SHA-1 system-wide

You can allow SHA-1 on the system by using the system-wide cryptographic policies. To do that, create a file /etc/crypto-policies/policies/modules/SHA1.pmod with the following content:

# This subpolicy adds SHA1 hash and signature support

hash = SHA1+
sign = ECDSA-SHA1+ RSA-PSS-SHA1+ RSA-SHA1+
sha1_in_certs = 1

Apply the previous configuration changes by entering the update-crypto-policies --set DEFAULT:SHA1 command. If the update-crypto-policies tool is not available, install the crypto-policies-scripts package.

Note that this lowers the security of the entire operating system.

Use of SHA-1 in TLS

Two major parts of TLS use SHA-1 signatures: X.509 certificates, and TLS signature algorithms.

If your network depends on certificates signed with SHA-1, modernize the certificate chain. The CA/Browser forum, which defines requirements for publicly accepted certificate authorities, has adopted a ballot (cabforum.org) to phase out certificates signed with SHA-1 by January 1st, 2016. Private certificate authorities that still use SHA-1 should be replaced.

The use of SHA-1 as a TLS signature algorithm is commonly required with TLS versions lower than 1.2, which do not support the negotiation of a signature algorithm and always use a combination of the SHA-1 and MD5 digests. TLS 1.2 introduced the signature_algorithms extension (www.rfc-editor.org), which allows the negotiation of modern hash algorithms.

If your scenario requires support for a certificate chain that uses SHA-1, TLS versions earlier than 1.2, or TLS 1.2 with a very limited set of supported signature algorithms, create a new file /etc/pki/tls/openssl-sha1-tls.cnf with the following content:

.include /etc/pki/tls/openssl.cnf

[openssl_init]
ssl_conf = ssl_module_sha1

[evp_properties]
rh-allow-sha1-signatures = yes

[ssl_module_sha1]
system_default = crypto_policy_sha1

[crypto_policy_sha1]
# @SECLEVEL=0 is required to allow SHA-1, the rest are copied from the DEFAULT policy but can be adjusted as required
CipherString = @SECLEVEL=0:kEECDH:kEDH:kPSK:kDHEPSK:kECDHEPSK:kRSAPSK:-kRSA:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256
# TLS < 1.2 can be enabled here, if required
TLS.MinProtocol = TLSv1.2
TLS.MaxProtocol = TLSv1.3
DTLS.MinProtocol = DTLSv1.2
DTLS.MaxProtocol = DTLSv1.2
# Copied from the DEFAULT policy, with ECDSA+SHA1:RSA+SHA1 added at the end
SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:ECDSA+SHA1:RSA+SHA1
Groups = X25519:secp256r1:X448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192

Then, follow the previously described steps in the "Use in applications" or "Use in services" sections to use this file in your application or service.

Note that setting @SECLEVEL=0 in the CipherString option is required to enable SHA-1, but this setting also enables many other insecure algorithms. To lower the attack surface, run services that require such a configuration behind a proxy that supports modern TLS.
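
To keep track of which processes actually run with one of these relaxed configurations, the per-service check from "Use in services" can be extended to every process on the host. The following is an added example, not part of the Red Hat article; the function name, the flag labels and the optional proc_root argument are hypothetical, and only the file named in OPENSSL_CONF is inspected.

```shell
#!/bin/sh
# Added example: list processes that run with an OPENSSL_CONF override and
# flag what the referenced file relaxes. The proc_root argument is a
# hypothetical hook so the function can be run against a fixture tree.

audit_openssl_conf() {
    proc_root=${1:-/proc}
    for envfile in "$proc_root"/[0-9]*/environ; do
        [ -r "$envfile" ] || continue      # other users' processes need root
        pid=${envfile%/environ}
        pid=${pid##*/}
        # environ is NUL-separated, as in the article's verification command
        conf=$(tr '\0' '\n' 2>/dev/null <"$envfile" |
               sed -n 's/^OPENSSL_CONF=//p' | head -n 1)
        [ -n "$conf" ] || continue
        flags=
        if [ -r "$conf" ]; then
            # Only the named file is inspected; .include targets are not followed.
            grep -Eq '^[[:space:]]*rh-allow-sha1-signatures[[:space:]]*=[[:space:]]*yes' "$conf" &&
                flags="$flags sha1-signatures"
            grep -Eq '^[[:space:]]*CipherString[[:space:]]*=.*@SECLEVEL=0' "$conf" &&
                flags="$flags seclevel0"
            grep -Eq '^[[:space:]]*TLS\.MinProtocol[[:space:]]*=[[:space:]]*(SSLv3|TLSv1(\.[01])?)[[:space:]]*$' "$conf" &&
                flags="$flags tls-below-1.2"
        else
            flags=" config-unreadable"
        fi
        flags=${flags# }
        comm=$(cat "$proc_root/$pid/comm" 2>/dev/null || echo '?')
        # Columns: pid, command name, config path, relaxed settings found
        printf '%s\t%s\t%s\t%s\n' "$pid" "$comm" "$conf" "${flags:-none}"
    done
}

# Run as root to cover every service on the host.
audit_openssl_conf "${1:-/proc}"
```

Processes flagged seclevel0 are the ones the note above recommends placing behind a proxy that supports modern TLS.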

Root Cause

Signatures using the SHA-1 hash algorithm have been disabled by default in Red Hat Enterprise Linux 9. The SHA1 system-wide crypto-policies module that existed in Red Hat Enterprise Linux 9 can no longer enable SHA-1 in TLS in OpenSSL because this requires setting @SECLEVEL=0 due to an upstream change, which also allows other insecure algorithms.

Diagnostic Steps

The following error messages might be indicators of this problem:

verify error:num=68:CA signature digest algorithm too weak
verify error:num=7:certificate signature failure
007621A1FFFF0000:error:0A000076:SSL routines:tls12_copy_sigalgs:no suitable signature algorithm:ssl/t1_lib.c:2648:
0026EFB8FFFF0000:error:0A000410:SSL routines:ssl3_read_bytes:ssl/tls alert handshake failure:ssl/record/rec_layer_s3.c:909:SSL alert number 40
0006F986FFFF0000:error:0A000178:SSL routines:tls1_set_server_sigalgs:no shared signature algorithms:ssl/t1_lib.c:2181:

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.