Support SHA-2 for SSL certificate fingerprints
problem
Gajim checks and displays only SHA-1 for SSL certificate fingerprints. There have been reported weaknesses in SHA-1. Upgrade to support SHA-2.
analysis
In 2005, cryptanalysts found attacks on SHA-1 suggesting that the algorithm might not be secure enough for ongoing use. https://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html

NIST required many applications in federal agencies to move to SHA-2 after 2010 because of the weakness. http://csrc.nist.gov/groups/ST/toolkit/secure_hashing.html

In 2013 Microsoft announced their deprecation policy on SHA-1 according to which Windows will stop accepting SHA-1 certificates in SSL by 2017. http://blogs.technet.com/b/pki/archive/2013/11/12/sha1-deprecation-policy.aspx
enhancement recommendation
Add support for SHA2-256 fingerprints.
Add config option ssl_fingerprint_sha256 and code for checking and GUI.
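
A sketch of the checking side of this recommendation, added here as an example and not taken from Gajim's code: it computes the fingerprint of the peer certificate and compares it with the saved value, preferring `ssl_fingerprint_sha256` and consulting SHA-1 only when no SHA-256 value has been saved. The `ssl_fingerprint_sha1` option name, the dict-style `config`, the function names and the sample certificate bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import ssl

# Constructed stand-in for a certificate's DER bytes (not a real certificate);
# a fingerprint is simply a hash over the DER encoding the peer presented.
SAMPLE_DER = b"constructed DER bytes standing in for a server certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)


def fingerprint(der, algo):
    """Return the colon-separated upper-case hex fingerprint of DER bytes."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fpr):
    """Drop separators and case so saved values compare character for character."""
    return fpr.replace(":", "").replace(" ", "").upper()


def check_certificate(pem, config):
    """Compare a PEM certificate with the fingerprints saved in `config`.

    Returns (matches, algorithm_used). A saved SHA-256 value always decides
    the result; SHA-1 is consulted only when no SHA-256 value is saved, so a
    SHA-256 mismatch can never be rescued by a matching SHA-1 entry.
    """
    der = ssl.PEM_cert_to_DER_cert(pem)
    for option, algo in (("ssl_fingerprint_sha256", "sha256"),
                         ("ssl_fingerprint_sha1", "sha1")):  # assumed legacy option
        saved = config.get(option)
        if saved:
            actual = normalize(fingerprint(der, algo)).encode()
            return hmac.compare_digest(actual, normalize(saved).encode()), algo
    return False, None
```

Once a SHA-256 fingerprint has been saved for an account, the SHA-1 entry no longer influences the result and can be dropped from the configuration.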