jimbojimbo
Vendor
In just a couple of days SHA-1 becomes deprecated (see NIST SP800-131Ar1, PCI-DSSv3.2, and CA Browser Forum Baseline Requirements Certificate Policy v1.4.1). What does that mean for Avaya Systems?
Those required to comply with DISA/FIPS/FISMA or PCI-DSS running CM6.3.5 or below will be out of compliance. Those on newer releases may be out of compliance if SHA-1 certificates were not replaced (do not automatically get replaced with an upgrade).
Will the Federal Government respond accordingly? Let's face it, SHA-1 deprecation has been coming for years. Nobody should be surprised. Do they deny you contracts or fine you?
If you upgraded to CM7.x on the Avaya AVP platform you might have a problem. Unfortunately the Avaya Utility Server is still issued SHA-1 certificates when the Auth file is loaded. You might want to get an Avaya root authorization for the Utility Server so you can replace the web certificate.
The good news for those still using SHA-1.....
Microsoft updated their deprecation policy in November. The Edge and Internet Explorer browsers won't simply reject SHA-1 with the software update in February. SHA-1 rejection is TBD. At least you should be able to access your systems.
Of course we have already seen instances where applications dependent on underlying crypto libraries have failed due to updates to the libraries.
Those required to comply with DISA/FIPS/FISMA or PCI-DSS running CM6.3.5 or below will be out of compliance. Those on newer releases may be out of compliance if SHA-1 certificates were not replaced (do not automatically get replaced with an upgrade).
Will the Federal Government respond accordingly? Let's face it, SHA-1 deprecation has been coming for years. Nobody should be surprised. Do they deny you contracts or fine you?
If you upgraded to CM7.x on the Avaya AVP platform you might have a problem. Unfortunately the Avaya Utility Server is still issued SHA-1 certificates when the Auth file is loaded. You might want to get an Avaya root authorization for the Utility Server so you can replace the web certificate.
The good news for those still using SHA-1.....
Microsoft updated their deprecation policy in November. The Edge and Internet Explorer browsers won't simply reject SHA-1 with the software update in February. SHA-1 rejection is TBD. At least you should be able to access your systems.
Of course we have already seen instances where applications dependent on underlying crypto libraries have failed due to updates to the libraries.