Remove MD5 & SHA1 from certificate validation

[rugk]

Please remove SHA-1 and MD5 as options for verifying certificates. MD5 is known to be broken for decades and SHA-1 is considered insecure and being depreciated.

Just do not offer these insecure options anymore, so that developers cannot use them. Get security by default!

[asvetlov]

We cannot just suddenly remove something without very strong reason.
What can we do is:

1. Update documentation by suggesting SHA256 only and declaring MD5/SHA-1 deprecation
2. Raise a warning on MD5 or SHA-1 usage but keep supporting them for 1.5 years.

Volunteer is needed.

[rugk]

Yes this would be good. Although I would argue to drop MD5 support earlier than SHA-1. (maybe MD5: 0.5 years, SHA1: 1.5y)

[Taekyoon]

Can I put some messages when developers choose 'MD5' or 'SHA-1' to the functions?
And If it's okay, should I just put comment on code or print in console?

[asvetlov]

@Taekyoon I don't follow.
From my perspective it should be warnings.warn call along with logging.warning

[jake-jake-jake]

I've added a warning.warn call and have updated the docs to show that the older hashes are insecure and deprecated on this branch on my fork. What is your preferred method of testing this behavior? (I am not super familiar with PyTest.)

[asvetlov]

These tests: https://github.com/KeepSafe/aiohttp/blob/master/tests/test_client_functional.py#L256-L308 should raise warning on deprecated fingerprints.
Warning could be caught by with pytest.warns(DeprecationWarning): ... context manager.

[asvetlov]

Fixed by #1341

[lock]

This thread has been automatically locked since there has not been
any recent activity after it was closed. Please open a new issue for
related bugs.

If you feel like there's important points made in this discussion,
please include those exceprts into that new issue.