User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:45.0) Gecko/20100101 Firefox/45.0 Build ID: 20170301181722 Steps to reproduce: These signature algorithms have been deprecated for a while, and should be on their way out.
Actually, we can't do this, for several reasons: 1. Firefox is not the only consumer of NSS, and other consumers may have different SHA-1 deprecation policies. 2. Even Firefox accepts SHA-1 for user-installed trust anchors, we merely reject it for WebPKI trust anchors. 3. They're part of the NSS public API so at most we could disable them. Given that any deprecation in NSS is very far on the horizon, I think we should resolve this WONTFIX. I'm needinfoing rrelyea in case he has a different view.
I concur with eric (albeit 3 months later).