RHEL9+, RSASHA1 and CVE-2025-8677
Bjørn Mork
bjorn at mork.no
Fri Oct 31 11:37:35 UTC 2025
Time to re-evaluate the default SHA1 policies on RHEL...
Quoting from https://bind9.readthedocs.io/en/v9.20.15/notes.html#security-fixes
DNSSEC validation fails if matching but invalid DNSKEY is found. (CVE-2025-8677)
Previously, if a matching but cryptographically invalid key was
encountered during DNSSEC validation, the key was skipped and not
counted towards validation failures. named now treats such DNSSEC keys
as hard failures and the DNSSEC validation fails immediately, instead of
continuing with the next DNSKEYs in the RRset.
IIUC, this means that any zone with a RSASHA1 key will now fail
validation on Red Hat systems using default policies, even if other keys
are present.
Is that correct? Is it intentional?
If correct, then I believe it will break a number of zones with leftover
RSASHA1 keys and signatures. Anyone still having such keys in their
zones should purge them ASAP. And resolver operators running BIND on
RHEL9 should consider running
update-crypto-policies --set DEFAULT:SHA1
to prevent unexpected failures.
Bjørn
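As an added illustration (not part of Bjørn's message or of BIND), the script below parses a DNSKEY RRset in presentation format, flags the RSASHA1 algorithms (5 and 7) that a zone operator would want to purge, and models the validator behaviour change quoted from the release notes: an algorithm refused by the crypto policy was previously skipped and is now a hard failure. The RRset, the key material and the simplifying assumption that every refused-algorithm key counts as "matching but invalid" are constructed for the example; no cryptography is performed.

```python
"""Model of the CVE-2025-8677 behaviour change against a DNSKEY RRset.

Added example; does no DNSSEC cryptography. It only parses DNSKEY records
and shows how a validator that refuses an algorithm behaves under the old
rule (skip the key) and the new rule (hard failure) described in the notes.
"""
import re

# IANA DNSSEC algorithm numbers for the algorithms referenced here.
ALGORITHMS = {5: "RSASHA1", 7: "RSASHA1-NSEC3-SHA1", 8: "RSASHA256",
              13: "ECDSAP256SHA256", 15: "ED25519"}
SHA1_ALGORITHMS = {5, 7}   # refused by the RHEL DEFAULT crypto policy

# owner TTL IN DNSKEY flags protocol algorithm base64-key
DNSKEY_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+DNSKEY\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)")

# Constructed sample: a leftover RSASHA1-NSEC3-SHA1 key next to an RSASHA256
# key. The key blobs are placeholders, not real public keys.
SAMPLE_RRSET = """\
example.net. 3600 IN DNSKEY 256 3 7 AwEAAPLACEHOLDERSHA1KEY==
example.net. 3600 IN DNSKEY 257 3 8 AwEAAPLACEHOLDERSHA256KEY==
"""

def parse_dnskeys(text):
    """Return (owner, flags, algorithm) for every DNSKEY line in text."""
    keys = []
    for line in text.splitlines():
        m = DNSKEY_RE.match(line.strip())
        if m:
            keys.append((m.group(1), int(m.group(3)), int(m.group(5))))
    return keys

def sha1_keys(keys):
    """Keys a zone operator should purge: those using algorithm 5 or 7."""
    return [k for k in keys if k[2] in SHA1_ALGORITHMS]

def validate(keys, disabled_algs, hard_fail):
    """Model the validator outcome: "secure" or "bogus".

    disabled_algs: algorithms the local crypto policy refuses (empty under
    DEFAULT:SHA1). hard_fail=False models the old skip-the-key behaviour,
    hard_fail=True the new behaviour where a refused key fails validation.
    Assumption: every refused-algorithm key is treated as "matching but
    cryptographically invalid" for the RRSIG being checked.
    """
    usable = 0
    for _owner, _flags, alg in keys:
        if alg in disabled_algs:
            if hard_fail:
                return "bogus"
            continue
        usable += 1
    return "secure" if usable else "bogus"
```

Running validate() on the sample with SHA1_ALGORITHMS disabled gives "secure" under the old rule and "bogus" under the new one, while an empty disabled set (the DEFAULT:SHA1 policy) gives "secure" in both cases.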