Remove ssl_sig_ecdsa_sha1 and ssl_sig_rsa_pkcs1_sha1

RESOLVED WONTFIX

Status

NSS
Libraries
RESOLVED WONTFIX
8 months ago
5 months ago

People

(Reporter: bedrigapup, Unassigned)

Tracking

trunk

Firefox Tracking Flags

(Not tracked)

Description

8 months ago
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:45.0) Gecko/20100101 Firefox/45.0
Build ID: 20170301181722

Steps to reproduce:

These signature algorithms have been deprecated for a while, and should be on their way out.

Updated

8 months ago
Assignee: nobody → nobody
Group: firefox-core-security
Component: Untriaged → Libraries
Product: Firefox → NSS
Version: Trunk → trunk

Comment 1

8 months ago
Actually, we can't do this, for several reasons:

1. Firefox is not the only consumer of NSS, and other consumers may have different SHA-1 deprecation policies.
2. Even Firefox accepts SHA-1 for user-installed trust anchors; we merely reject it for WebPKI trust anchors.
3. They're part of the NSS public API, so at most we could disable them.

Given that any deprecation in NSS is very far on the horizon, I think we should resolve this WONTFIX. I'm needinfoing rrelyea in case he has a different view.
Flags: needinfo?(rrelyea)

Comment 2

5 months ago
I concur with Eric (albeit 3 months later).
Flags: needinfo?(rrelyea)

Updated

5 months ago
Status: UNCONFIRMED → RESOLVED
Last Resolved: 5 months ago
Resolution: --- → WONTFIX