You are viewing limited content. For full access, please sign in.

Question

Question

SHA-2 and Laserfiche Compliance

Updated August 1, 2014
asked on July 31, 2014

Hello. I received the following email from an existing customer. I was not able to find any documentation about Laserfiche and SHA-2. Any input is greatly appreciated.

 

Is LF and its associated programs SHA2 compliant?  I need to know this info for purposes of SSL certificate purchase for our client remote connections. If not now, are there plans in place for a timeframe  for when it will be? Will that be an upgrade to the existing program?

 

0 0

Answer

SELECTED ANSWER
replied on July 31, 2014 Show version history

SHA-2 is a set of hashing algorithms, such as SHA-256, designed by the NSA, and is a component of NSA Suite B. Laserfiche 9.1 has made several changes mentioned in KB 1013370 (the KB Ramon linked above), to support the various algorithms specified by Suite B.

 

However, which certificates types are supported for SSL should not be dependent on Laserfiche at all: Laserfiche can use SSL, but we do not have our own implementation of SSL. Whether or not you can use SHA-2 certificates for SSL should only be dependent on whether your machines support it. Microsoft has an article on SHA-2 support in Windows. Windows 2008, Vista, and 7 all support SHA-2 out of the box. 2003 and XP can download service packs or hotfixes, but XP still does not have full support with the service pack.

 

For more information on configuring SSL on the Laserfiche Server on Windows 2008+, Vista, or 7, see Matthew's answer to this previous post.

 

In short, if you are using Windows 2008 or Vista or newer, you should not have issues using SHA-2 certificates for SSL (you may also be able to use SHA-2 certificates on XP or Windows 2003 machines, but it will require more setup).

2 0

Replies

replied on July 31, 2014 Show version history

I did find this KB that states

 

  • Laserfiche now uses PBKDF2 with HMAC-SHA-256 and 100000 iterations for user password storage. For existing accounts, Laserfiche will use the new algorithm when users change their password. Laserfiche will automatically use the new algorithm when new user accounts are created. (106985)
1 0
replied on July 31, 2014

SHA-2 is a set of hashing algorithms, such as SHA-256, designed by the NSA, and is a component of NSA Suite B. Laserfiche 9.1 has made several changes mentioned in KB 1013370 (the KB Ramon linked above), to support the various algorithms specified by Suite B.

 

However, which certificates types are supported for SSL should not be dependent on Laserfiche at all: Laserfiche uses SSL, but we do not have our own implementation of SSL. Whether or not you can use SHA-2 certificates for SSL should only be dependent on whether your machines support it. Microsoft has an article on SHA-2 support in Windows. Windows 2008, Vista, and 7 all support SHA-2 out of the box. 2003 and XP can download service packs or hotfixes, but XP still does not have full support with the service pack.

 

For more information on configuring SSL on the Laserfiche Server on Windows 2008+, Vista, or 7, see Matthew's answer to this previous post.

 

In short, if you are using Windows 2008 or Vista or newer, you should not have issues using SHA-2 certificates for SSL (you may also be able to use SHA-2 certificates on XP or Windows 2003 machines, but it will require more setup).

replied on August 1, 2014

Hi Joseph, 

 

If your question has been answered, please let us know by clicking the "This answered my question" button on the response.

 

If you still need assistance with this matter, just update this thread. Thanks!

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...