For Chrome, there's the EnableSha1ForLocalAnchors policy that was introduced in Chrome 54. That will operate as described here <https://sites.google.com/a/chromium.org/dev/Home/chromium-security/education/tls/sha-1> .
Andrew On Sat, Sep 17, 2016 at 10:49 AM, <s...@gmx.ch> wrote: > I think that's the security.pki.sha1_enforcement_level pref [1][2]. > > Regards, > Jonas > > > [1] https://bugzilla.mozilla.org/show_bug.cgi?id=942515#c35 > [2] > https://blog.mozilla.org/security/2016/01/06/man-in- > the-middle-interfering-with-increased-security/ > > > > Am 16.09.2016 um 16:53 schrieb therickf...@gmail.com: > > Working with a client on "workarounds" for avoiding SHA-1 deprecation on > a system they are woefully behind on updating for SHA-256 compatible. They > asked/stated that Chrome & probably Firefox were "configurable" in regards > to shutting out the trust for SHA-1 SSL/TLS certs. I'm skeptical as I > haven't seen anything like that. > > > > Is there any configurability in Firefox regarding this (e.g. from a GPO > perspective - Windows environment), or is all the SHA-1 deprecation policy > embedded in the Firefox code - to be enforced when that update is pushed > out (presumably on/around 1/1/17)? Thanks > > > > Rick > > _______________________________________________ > > dev-security-policy mailing list > > dev-security-policy@lists.mozilla.org > > https://lists.mozilla.org/listinfo/dev-security-policy > > > > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy