Do you mean SHA-1 for client certificates? For those, the browser isn't the relying party; it would be up to the website to decide whether a SHA-1 client certificate is acceptable.
On Wed, Apr 13, 2016 at 4:14 AM, <[email protected]> wrote: > This article ( > https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/) > states that SHA-1 SSL server certificates will not be trusted after 2017 > Jan 01 (updated to 2016 Jun 01 if I remember correctly). > > Do you plan to prevent user from using SHA-1 SSL client certificates as > well ? If so, what is the expected deadline ? > > Thanks in advance, > Regards, > @iansus > _______________________________________________ > dev-security-policy mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
