Closed Bug 1263939 Opened 8 years ago Closed 8 years ago

SHA-1 Client SSL Certificates phase out ?

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: jean.iansus, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
Build ID: 20160407164938

Steps to reproduce:

This is more of a security question that a real bug.
This article (https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/) states that SHA-1 SSL server certificates will not be trusted after 2017 Jan 01 (updated to 2016 Jun 01 if I remember correctly).

Do you plan to prevent user from using SHA-1 SSL client certificates as well ? If so, what is the expected deadline ?

Thanks in advance,
Regards,
@iansus
Component: Untriaged → Security
Product: Firefox → Core
This is best suited to a discussion forum such as https://groups.google.com/forum/#!forum/mozilla.dev.security.policy
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.