Given OCSP support in the terminal software, this isn't likely to be archaic firmware open to ignoring criticality. Since money is flowing here, audits would scream at even older hash options or intentional defect exploitation.
>From experience securing an application that moved 30% of all cash that changed hands in a business day, I can state that no financial services company of this scale will expose their network to an untested certificate chain. Four days are not enough time to test alternate chains or certificate designs. Kind regards, Steve _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
