Closed
Bug 1152146
Opened 10 years ago
Closed 10 years ago
SafeBrowsing requests cause logspew about SHA-1 weakness
Categories
(Toolkit :: Safe Browsing, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1181335
| Tracking | Status | |
|---|---|---|
| firefox40 | --- | affected |
People
(Reporter: rnewman, Unassigned)
References
Details
I see *23* lines of logspew like this when launching Fennec:
---
04-07 18:22:04.721 W/GeckoConsole(28049): [JavaScript Warning: "This site makes use of a SHA-1 Certificate; it's recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1." {file: "https://safebrowsing-cache.google.com/safebrowsing/rd/ChFnb29nLXBoaXNoLXNoYXZhcjgAQAJKDAgBEPbxDBj28QwgAUoMCAEQ5_EMGOfxDCABSgwIARDy8AwY8vAMIAFKDAgBENnwDBjZ8AwgAUoMCAEQqPAMGKjwDCABSgwIARDT7wwY0-8MIAFKDAgBEObuDBjm7gwgAUoMCAEQoe4MGKHuDCABSgwIARCJ7gwYie4MIAFKDAgBEPftDBj37QwgAUoMCAEQ8-wMGPPsDCABSgwIARDZ7AwY2ewMIAFKDAgBELjsDBi47AwgAUoMCAEQtuwMGLbsDCABSgwIARCv7AwYr-wMIAFKDAgBEPrrDBj66wwgAUoMCAEQ3-sMGN_rDCABSgwIARDZ6wwY2-sMIAFKDAgBELfrDBi36wwgAUoMCAEQs-sMGLPrDCABSgwIARCm6wwYpusMIAFKDAgBEKPrDBij6wwgAUoMCAEQn-sMGJ_rDCABSgwIARCZ6wwYmesMIAFKDAgBEIHrDBiB6wwgAUoMCAEQ8eoMGPHqDCABSgwIARDM6gwYzOoMIAFKDAgBEMHqDBjB6gwgAUoMCAEQuuoMGLrqDCABSgwIARCx6gwYseoMIAFKDAgBEKLqDBii6gwgAUoMCAEQhuoMGIbqDCABSgwIARDp6QwY6ekMIAFKDAgBEObpDBjm6QwgAUoMCAEQ2-kMGNvpDCABSgwIARDX6QwY1-kMIAFKDAgBEL_pDBi_6QwgAUoMCAEQpukMGKbpDCABSgwIARCW6QwYlukMIAFKDAgBEJDpDBiQ6QwgAUoMCAEQg
---
Can we muffle these warnings, or migrate to an endpoint that doesn't use SHA-1?
|
||
Comment 1•10 years ago
|
||
We can't migrate the endpoint, no.
This is a combination of obnoxious warnings on our end and Google being slow to move away from SHA-1 (despite partially blocking it in Chrome):
https://news.ycombinator.com/item?id=9333517
Note that all Google certificates in the chain use SHA-1. For some like the root, there are no plans that I know of to migrate away from SHA-1: http://googleonlinesecurity.blogspot.be/2014/09/gradually-sunsetting-sha-1.html
"Note: SHA-1-based signatures for trusted root certificates are not a problem because TLS clients trust them by their identity, rather than by the signature of their hash."
Not a SafeBrowsing problem as far as I'm concerned.
Blocks: 1068949
|
||
Comment 2•10 years ago
|
||
Bug 1181335 has an open ni? request, so forward duping.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•