Contact emailsdadr...@google.com ExplainerNone
Specificationhttps://www.rfc-editor.org/rfc/rfc9155.html Summary Chrome is removing support for signature algorithms using SHA-1 for server signatures during the TLS handshake. This does not affect SHA-1 support in server certificates, which was already removed, or in client certificates, which continues to be supported. SHA-1 can be temporarily re-enabled via the temporary InsecureHashesInTLSHandshakesEnabled enterprise policy. This policy will be removed in Chrome 123. Blink componentInternals>Network>SSL <https://bugs.chromium.org/p/chromium/issues/list?q=component:Internals%3ENetwork%3ESSL> Search tagstls <https://chromestatus.com/features#tags:tls>, ssl <https://chromestatus.com/features#tags:ssl>, sha1 <https://chromestatus.com/features#tags:sha1> TAG reviewNone TAG review statusNot applicable Risks Interoperability and Compatibility At most 0.02% of page loads use the SHA1 fallback. However, we cannot disambiguate between a flaky first connection, and actually requiring SHA1. We expect the actual amount is lower. *Gecko*: Positive (https://github.com/mozilla/standards-positions/issues/812 ) *WebKit*: Positive (https://github.com/WebKit/standards-positions/issues/196 ) *Web developers*: No signals *Other signals*: WebView application risks Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications? None Debuggability n/a, this happens pre-devtools Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?Yes Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> ?No Flag name on chrome://flagsuse-sha1-server-handshakes Finch feature nameDisableSHA1ServerSignature Requires code in //chrome?False Tracking bughttps://bugs.chromium.org/p/chromium/issues/detail?id=658905 Launch bughttps://launch.corp.google.com/launch/4233200 Estimated milestones Shipping on desktop 117 OriginTrial desktop last 116 OriginTrial desktop first 115 DevTrial on desktop 115 Shipping on Android 117 OriginTrial Android last 116 OriginTrial Android first 115 DevTrial on Android 115 OriginTrial webView last 116 OriginTrial webView first 115 Anticipated spec changes Open questions about a feature may be a source of future web compat or interop issues. Please list open issues (e.g. links to known github issues in the project for the feature specification) whose resolution may introduce web compat/interop risk (e.g., changing to naming or structure of the API in a non-backward-compatible way). None Link to entry on the Chrome Platform Status https://chromestatus.com/feature/4832850040324096 Links to previous Intent discussionsIntent to Experiment: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGkh42JZz%3De_TRVwumqgTj-A7543BR7JLBUR_GzVN_oOWhKVvg%40mail.gmail.com This intent message was generated by Chrome Platform Status <https://chromestatus.com/>. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGkh42LiSGgfN1trVXfrmCW0Upk9r9GK4XYZQm5Y8RSzphn_DA%40mail.gmail.com.
