SHA-1 Client SSL Certificates phase out ?

RESOLVED INVALID

Status

()

Core
Security
RESOLVED INVALID
2 years ago
2 years ago

People

(Reporter: Iansus, Unassigned)

Tracking

Trunk
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

2 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
Build ID: 20160407164938

Steps to reproduce:

This is more of a security question that a real bug.
This article (https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/) states that SHA-1 SSL server certificates will not be trusted after 2017 Jan 01 (updated to 2016 Jun 01 if I remember correctly).

Do you plan to prevent user from using SHA-1 SSL client certificates as well ? If so, what is the expected deadline ?

Thanks in advance,
Regards,
@iansus
(Reporter)

Updated

2 years ago
Component: Untriaged → Security
Product: Firefox → Core
This is best suited to a discussion forum such as https://groups.google.com/forum/#!forum/mozilla.dev.security.policy
Status: UNCONFIRMED → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.