The Fedora Project developers have outlined a plan to disable support for SHA-1 digital signatures in Fedora Linux 39. Disabling involves removing trust in signatures that use SHA-1 hashes (SHA-224 will be declared as the minimum supported in digital signatures), but retaining support for HMAC with SHA-1 and providing the ability to enable the LEGACY profile with SHA-1. After applying the changes, the OpenSSL library will by default block the generation and verification of signatures with SHA-1.
The disabling is planned to take place in several stages: In Fedora Linux 36, SHA-1 based signatures will be removed from the "FUTURE" policy, a test policy TEST-FEDORA39 is provided to disable SHA-1 at the request of the user (update-crypto-policies --set TEST-FEDORA39 ), when creating and verifying signatures based on SHA-1, warnings will be displayed in the log. During the pre-beta release of Fedora Linux 38, the rawhide repository will have a policy against SHA-1 signatures, but this change will not apply to the beta and release of Fedora Linux 38. With the release of Fedora Linux 39, the SHA-1 signature deprecation policy will be applied by default.
The proposed plan has not yet been reviewed by the FESCo (Fedora Engineering Steering Committee), which is responsible for the technical part of the development of the Fedora distribution. The end of support for signatures based on SHA-1 is due to an increase in the efficiency of collision attacks with a given prefix (the cost of choosing a collision is estimated at several tens of thousands of dollars). In browsers, certificates authenticated using the SHA-1 algorithm have been marked as insecure since mid-2016.
Source: opennet.ru