Closed
Bug 1321114
Opened 8 years ago
Closed 7 years ago
Remote SHA-1 shut-off
Categories
(Core :: Security: PSM, enhancement, P1)
RESOLVED
FIXED
People
(Reporter: jcj, Assigned: keeler)
Details
(Whiteboard: [psm-assigned])
Per the SHA-1 Shutoff Plan [1], we're going to use restartless-addon delivery to flip the "security.pki.sha1_enforcement_level" preference level added in Bug 1254667 to "ImportedRoot". This is going to be built on the code from the telemetry experiment in Bug 1311479.

[1] https://wiki.mozilla.org/Security/CryptoEngineering/SHA-1
Assignee
Updated•8 years ago
Priority: -- → P1
Whiteboard: [psm-assigned]
Reporter
Comment 1•7 years ago
SHA-1 is disabled for almost all Firefox users as of last weekend in Bug 1339662. [1] Some percentage of Firefox users don't receive these kinds of updates, though, and will only have their preference changed when they upgrade to 52 (due to the preference change in Bug 1330043). ESR users will also get it in ESR 52.

Continued use of SHA-1 certificates issued through the Mozilla root program will require adjusting the about:config preference security.pki.sha1_enforcement_level to either 4 (permit certificates pre-2016) or 0 (allow all SHA-1).

There are some more resources for server operators at FxSiteCompat.com [2], as well as other places around the Internet.

[1] https://blog.mozilla.org/security/2017/02/23/the-end-of-sha-1-on-the-public-web/
[2] https://www.fxsitecompat.com/en-CA/docs/2016/sha-1-certificates-issued-by-public-ca-will-no-longer-be-accepted/
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
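For administrators who want to find profiles where this preference has been set back to a SHA-1-permitting value, the following is an added example (not part of this bug and not Mozilla's code). It parses the `user_pref(...)` lines of a profile's prefs.js and user.js and flags the values 0 and 4 named in Comment 1; the function names are hypothetical and the sample file contents are constructed.

```python
import re

PREF = "security.pki.sha1_enforcement_level"

# Only the two values described in Comment 1 are treated as permissive;
# any other explicit value is reported as "other" without interpretation.
PERMISSIVE = {0: "allow all SHA-1", 4: "permit certificates pre-2016"}

# Matches an active line such as: user_pref("name", 4);
# Anchoring at line start means commented-out lines ("// user_pref(...)") never match.
LINE_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(-?\d+)\s*\)\s*;')

def read_pref(text, name=PREF):
    """Return the last integer assigned to `name` in the text, or None if absent."""
    value = None
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(1) == name:
            value = int(m.group(2))  # later lines override earlier ones
    return value

def audit(prefs_js, user_js=""):
    """Classify one profile. user.js is applied at startup, so it takes precedence."""
    for source, text in (("user.js", user_js), ("prefs.js", prefs_js)):
        value = read_pref(text)
        if value is not None:
            status = "permissive" if value in PERMISSIVE else "other"
            return (status, value, source)
    # prefs.js only stores values changed from the default.
    return ("default", None, None)

# Constructed sample profile contents (not taken from a real profile).
SAMPLE_PREFS = '''// Mozilla User Preferences
user_pref("browser.startup.page", 3);
// user_pref("security.pki.sha1_enforcement_level", 0);
user_pref("security.pki.sha1_enforcement_level", 4);
'''
SAMPLE_USER = 'user_pref("security.pki.sha1_enforcement_level", 0);\n'

if __name__ == "__main__":
    for label, args in (("prefs.js only", (SAMPLE_PREFS,)),
                        ("with user.js", (SAMPLE_PREFS, SAMPLE_USER))):
        status, value, source = audit(*args)
        print(f"{label}: {status} value={value} ({PERMISSIVE.get(value)}) from {source}")
```
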