SHA1 certificate con exposed services

[fastfire]

The services exposed by Tpot on ports 465/tcp, 993/tcp, 995/tcp expose a TSL certificate that uses SHA1 as the algorithm. SHA-1 is vulnerable to partial-message collision attacks; Internet Explorer, Chrome, and Firefox will not accept SHA-1-signed certificates starting in 2017. Is it possible to regenerate the certificate with SHA256 or is SHA1 a specific design choice of the project? Thanks.

[t3chn0m4g3]

Those are part of the Heralding honeypot. This needs to be fixed upstream, once patched we can update the images accordingly.