Re: Is Firefox SHA-1 Deprecation Policy configurable?

2016-09-19 Thread Andrew R. Whalley
For Chrome, there's the EnableSha1ForLocalAnchors policy that was
introduced in Chrome 54.  That will operate as described here

.

Andrew

On Sat, Sep 17, 2016 at 10:49 AM,  wrote:

> I think that's the security.pki.sha1_enforcement_level pref [1][2].
>
> Regards,
> Jonas
>
>
> [1] https://bugzilla.mozilla.org/show_bug.cgi?id=942515#c35
> [2] https://blog.mozilla.org/security/2016/01/06/man-in-the-middle-interfering-with-increased-security/
>
>
>
> On 16.09.2016 at 16:53, therickf...@gmail.com wrote:
> > Working with a client on "workarounds" for avoiding SHA-1 deprecation on
> > a system they are woefully behind on updating for SHA-256 compatible.  They
> > asked/stated that Chrome & probably Firefox were "configurable" in regards
> > to shutting out the trust for SHA-1 SSL/TLS certs. I'm skeptical as I
> > haven't seen anything like that.
> >
> > Is there any configurability in Firefox regarding this (e.g. from a GPO
> > perspective - Windows environment), or is all the SHA-1 deprecation policy
> > embedded in the Firefox code - to be enforced when that update is pushed
> > out (presumably on/around 1/1/17)? Thanks
> >
> > Rick
> > ___
> > dev-security-policy mailing list
> > dev-security-policy@lists.mozilla.org
> > https://lists.mozilla.org/listinfo/dev-security-policy


Re: Is Firefox SHA-1 Deprecation Policy configurable?

2016-09-17 Thread sjw
I think that's the security.pki.sha1_enforcement_level pref [1][2].

Regards,
Jonas


[1] https://bugzilla.mozilla.org/show_bug.cgi?id=942515#c35
[2] https://blog.mozilla.org/security/2016/01/06/man-in-the-middle-interfering-with-increased-security/



On 16.09.2016 at 16:53, therickf...@gmail.com wrote:
> Working with a client on "workarounds" for avoiding SHA-1 deprecation on a 
> system they are woefully behind on updating for SHA-256 compatible.  They 
> asked/stated that Chrome & probably Firefox were "configurable" in regards to 
> shutting out the trust for SHA-1 SSL/TLS certs. I'm skeptical as I haven't 
> seen anything like that.   
>
> Is there any configurability in Firefox regarding this (e.g. from a GPO 
> perspective - Windows environment), or is all the SHA-1 deprecation policy 
> embedded in the Firefox code - to be enforced when that update is pushed out 
> (presumably on/around 1/1/17)? Thanks
>
> Rick


Is Firefox SHA-1 Deprecation Policy configurable?

2016-09-16 Thread therickfray
Working with a client on "workarounds" for avoiding SHA-1 deprecation on a 
system they are woefully behind on updating for SHA-256 compatible.  They 
asked/stated that Chrome & probably Firefox were "configurable" in regards to 
shutting out the trust for SHA-1 SSL/TLS certs. I'm skeptical as I haven't seen 
anything like that.   

Is there any configurability in Firefox regarding this (e.g. from a GPO 
perspective - Windows environment), or is all the SHA-1 deprecation policy 
embedded in the Firefox code - to be enforced when that update is pushed out 
(presumably on/around 1/1/17)? Thanks

Rick