Netcraft’s SSL Survey shows that 14% of valid third-party SSL certificates have been issued using MD5 signatures, an algorithm that has recently been demonstrated to be vulnerable to attack: researchers produced a fake certificate authority certificate signed by a widely-trusted third-party certificate authority.
The researchers achieved this by producing a hash collision: they submitted valid certificate requests to a certificate authority (CA) while producing a second certificate that had the same MD5 hash (and therefore the same signature) but entirely different details. When the CA signed the valid certificate, the signature also applied to the invalid certificate, allowing the researchers to spoof any secure website they liked. This attack is the first practical use against SSL of already-known attacks against the MD5 checksum algorithm.
A lot of crypto mumbo jumbo there. For mere mortals like us, it’s probably easier to just check that the websites we are hosting are indeed using the more hack-proof SHA1 rather than MD5 to sign the certificate.
Check on Your Browser
It’s relatively easy to do with modern browsers — just bring out the certificate dialog box and check for the “Signature Algorithm” field. Here’s one from Firefox:
And the equivalent on Internet Explorer.
It says SHA so it’s safe (for now at least).
Check with OpenSSL
If you are a command-line junkie, it’s pretty easy to download the certificate of a website using OpenSSL and then check the signature algorithm in it. Here is a small script that does it.
#!/bin/sh
# Usage: get_sigalg.sh <hostname>
# Send a minimal HTTP request so the server does not hang up before
# s_client has printed the certificate, cut the PEM block out of
# s_client's output, then ask x509 for the signature algorithm only
# (no_signame drops the duplicate line inside the tbsCertificate dump).
echo "HEAD / HTTP/1.0
Host: $1:443

" \
| openssl s_client -connect "$1:443" 2>&1 \
| sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' \
| openssl x509 -noout -text -certopt no_signame \
| grep 'Signature Algorithm:'
So when you run it:
$ get_sigalg.sh www.google.com
Signature Algorithm: sha1WithRSAEncryption
Looks like it’s safe over there. Let’s try someone else.
$ get_sigalg.sh www.<blah>.com.au
Signature Algorithm: md5WithRSAEncryption
Oops! (The hostname has been hidden to protect the innocent.) Check and make sure the SSL certificates of your sites are not signed with the vulnerable MD5 hash!
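A standard-library Python equivalent of the OpenSSL check above, added here as an example (it is not from the original post): it fetches the server's certificate, walks the DER directly to read the outer signatureAlgorithm OID, and classifies it. It goes one step beyond the post by also marking SHA-1 as deprecated, since browsers stopped accepting SHA-1-signed certificates in 2017. The two sample DER skeletons are constructed for offline testing and are not real certificates.

```python
import ssl

# Signature-algorithm OIDs (RFC 3279 / 4055 / 5758); extend as needed.
SIG_OIDS = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
}

def read_tlv(buf, pos):
    """Read one DER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length octets that follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """Turn DER OID content octets into dotted-decimal text."""
    arcs, value = [str(raw[0] // 40), str(raw[0] % 40)], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)  # base-128, high bit = continuation
        if not b & 0x80:
            arcs.append(str(value))
            value = 0
    return ".".join(arcs)

def check_cert(der):
    """Return (algorithm name, verdict) for a DER-encoded X.509 certificate."""
    _, cert, _ = read_tlv(der, 0)      # Certificate ::= SEQUENCE {tbs, sigAlg, sig}
    _, _, pos = read_tlv(cert, 0)      # skip tbsCertificate
    _, alg, _ = read_tlv(cert, pos)    # signatureAlgorithm ::= SEQUENCE {OID, params}
    _, oid, _ = read_tlv(alg, 0)
    name = SIG_OIDS.get(decode_oid(oid), "unknown")
    if name.startswith(("md2", "md5")):
        return name, "vulnerable"      # collision attacks demonstrated
    if name.startswith("sha1"):
        return name, "deprecated"      # browsers stopped accepting SHA-1 in 2017
    return name, "ok"

def check_host(host, port=443):
    # Fetch the server's leaf certificate over TLS and classify its signature.
    pem = ssl.get_server_certificate((host, port))
    return check_cert(ssl.PEM_cert_to_DER_cert(pem))

# Constructed minimal DER skeletons (not real certificates): empty tbsCertificate,
# AlgorithmIdentifier {OID, NULL}, empty BIT STRING; only the last OID byte differs.
SAMPLE_MD5_DER = bytes.fromhex("30143000300d06092a864886f70d0101040500030100")
SAMPLE_SHA256_DER = bytes.fromhex("30143000300d06092a864886f70d01010b0500030100")
```

Call `check_host("www.google.com")` (hostname assumed) for a live check; it returns a tuple such as `("sha256WithRSAEncryption", "ok")`, and `check_cert(SAMPLE_MD5_DER)` reproduces the "Oops!" case offline.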