Closed Bug 1345862 Opened 7 years ago Closed 7 years ago

Remove ssl_sig_ecdsa_sha1 and ssl_sig_rsa_pkcs1_sha1

Categories

(NSS :: Libraries, enhancement)

enhancement
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: u570621, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:45.0) Gecko/20100101 Firefox/45.0
Build ID: 20170301181722

Steps to reproduce:

These signature algorithms have been deprecated for a while, and should be on their way out.
Assignee: nobody → nobody
Group: firefox-core-security
Component: Untriaged → Libraries
Product: Firefox → NSS
Version: Trunk → trunk
Actually, we can't do this, for several reasons:

1. Firefox is not the only consumer of NSS, and other consumers may have different SHA-1 deprecation policies.
2. Even Firefox accepts SHA-1 for user-installed trust anchors; we merely reject it for WebPKI trust anchors.
3. They're part of the NSS public API so at most we could disable them.

Given that any deprecation in NSS is very far on the horizon, I think we should resolve this WONTFIX. I'm needinfoing rrelyea in case he has a different view.
Flags: needinfo?(rrelyea)
I concur with eric (albeit 3 months later).
Flags: needinfo?(rrelyea)
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX