Closed
Bug 1345862
Opened 7 years ago
Closed 7 years ago
Remove ssl_sig_ecdsa_sha1 and ssl_sig_rsa_pkcs1_sha1
Categories
(NSS :: Libraries, enhancement)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: u570621, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:45.0) Gecko/20100101 Firefox/45.0 Build ID: 20170301181722 Steps to reproduce: These signature algorithms have been deprecated for a while, and should be on their way out.
Updated•7 years ago
|
Assignee: nobody → nobody
Group: firefox-core-security
Component: Untriaged → Libraries
Product: Firefox → NSS
Version: Trunk → trunk
Comment 1•7 years ago
|
||
Actually, we can't do this, for several reasons: 1. Firefox is not the only consumer of NSS, and other consumers may have different SHA-1 deprecation policies. 2. Even Firefox accepts SHA-1 for user-installed trust anchors, we merely reject it for WebPKI trust anchors. 3. They're part of the NSS public API so at most we could disable them. Given that any deprecation in NSS is very far on the horizon, I think we should resolve this WONTFIX. I'm needinfoing rrelyea in case he has a different view.
Flags: needinfo?(rrelyea)
Updated•7 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•