Closed
Bug 1178952
Opened 10 years ago
Closed 10 years ago
replace www.mozilla.org & download.mozilla.org certs with a non-sha1 cert
Categories
(Infrastructure & Operations :: SSL Certificates, task)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1064387
People
(Reporter: bhearsum, Unassigned)
Details
(Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/1372] )
SHA-1 cert support is vulnerable to collision attacks and is being deprecated (https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/). We should make sure all parts of our product delivery pipeline are not using SHA-1. We're taking care of the update server and code signing in bugs 1116409 and 1079858 respectively, and I think www.mozilla.org and download.mozilla.org are the last pieces.
Comment 1•10 years ago
Right now I am proposing to do this when the current certificates expire at the end of 2015 and end XP SP2 support completely when moving to VS2015 next year.
Comment 2•10 years ago (Reporter)
Bug 1064387 was filed a while back about this, and has a lot more background.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE