Closed
Bug 1181335
Opened 9 years ago
Closed 8 years ago
https://safebrowsing.google.com/safebrowsing/downloads uses a deprecated SHA-1 certificate
Categories
(Toolkit :: Safe Browsing, defect)
Toolkit
Safe Browsing
Tracking
()
RESOLVED
FIXED
People
(Reporter: jaws, Unassigned)
References
Details
Each time I start up the browser, I see the following error in my Browser Console related to https://safebrowsing.google.com/safebrowsing/downloads: This site makes use of a SHA-1 Certificate; it's recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1.[Learn More] It looks like this might have been introduced by bug 1109475. Have we heard from Google about their plans to upgrade from SHA-1 for the safebrowsing site? [Setting needinfo for :gcp, please redirect if you know a better person to handle this].
Flags: needinfo?(gpascutto)
Reporter | ||
Updated•9 years ago
|
Component: Security → Safe Browsing
Product: Core → Toolkit
Reporter | ||
Updated•9 years ago
|
status-firefox41:
--- → affected
status-firefox42:
--- → affected
Reporter | ||
Updated•9 years ago
|
Summary: https://safebrowsing.google.com/safebrowsing/downloads uses a SHA-1 certificate → https://safebrowsing.google.com/safebrowsing/downloads uses a deprecated SHA-1 certificate
Updated•9 years ago
|
Flags: needinfo?(gpascutto)
Comment 1•9 years ago
|
||
Stephan, any plans to move these servers to stronger certificates?
Flags: needinfo?(somogyi)
Comment 4•8 years ago
|
||
https://www.ssllabs.com/ssltest/analyze.html?d=safebrowsing.google.com suggests that the relevant servers are now configured to send SHA-256 intermediate and end-entity certs. I also haven't seen any SHA-1 warnings for Safebrowsing recently => resolving as fixed. Feel free to re-open if this is not the case.
Status: NEW → RESOLVED
Closed: 8 years ago
Flags: needinfo?(somogyi)
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•