Hey Denny: Good idea. Unfortunately, there's not a way to turn it on right
now; we would need to add code.
Mark: Could we, say, add the host name to the string? ("The server at
$DOMAIN makes use of...") The method producing the warning is on
nsHTTPChannel, so it seems like the host name should be there.
https://dxr.mozilla.org/mozilla-central/source/netwerk/protocol/http/nsHttpChannel.cpp#1384
---------- Forwarded message ----------
From: Denny Bartelt <d.bart...@netzathleten-media.de>
Date: Thu, Feb 4, 2016 at 4:13 AM
Subject: Firefox is printing SHA1 warning several times - but which servers
use SHA-1?
To: mozilla-dev-security-pol...@lists.mozilla.org
When including ads on a website Firefox is printing a SHA-1 warning several
times:
(30) "This site makes use of a SHA-1 Certificate; it's recommended you use
certificates with signature algorithms that use hash functions stronger
than SHA-1."
Is there a way to print which servers are using SHA-1 Certificates without
recheck each of them manually? Is there a verbose mode for that message
which prints the server name?
thanks, denny
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
