xD: use SHA-256 for certificate fingerprints

Just like xS. 2.0.0 is the ideal time for such a breaking change.
2022-09-26 13:56:45 +02:00
parent 614fd98fc1
commit 7c74e6615d
3 changed files with 8 additions and 6 deletions
--- a/README.adoc
+++ b/README.adoc
@@ -141,10 +141,10 @@ Client Certificates
 certificate specified by the respective server's `tls_cert` option if you add
 `sasl` to the `capabilities` option and the server supports this.

-'xD' uses SHA-1 fingerprints of TLS client certificates to authenticate users.
+'xD' uses SHA-256 fingerprints of TLS client certificates to authenticate users.
 To get the fingerprint from a certificate file in the required form, use:

- $ openssl x509 -in public.pem -outform DER | sha1sum
+ $ openssl x509 -in public.pem -outform DER | sha256sum

 Custom Key Bindings in xC
 -------------------------