On Thu, Feb 16, 2017 at 8:26 PM, blake.morgan--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
>
> Trustis has now revoked the SHA-1 Certificate for hmrcset.trustis.com and
> replaced it with a SHA-256 Certificate. This status is reflected in the
> latest CRL.
>
On Wednesday, February 15, 2017 at 10:02:50 PM UTC, Rob Stradling wrote:
> This currently unrevoked cert has a SHA-1/RSA signature, the serverAuth
> EKU and CN=hmrcset.trustis.com:
> https://crt.sh/?id=50773741=cablint
>
> It lacks the SAN extension, but that doesn't excuse it from the ban on
>
Incident Report
On February 15, Rob Stradling identified a SHA-1 certificate issued on
January 27, 2017 under the QV hierarchy.
dNSName: qvsslrca3-v.quovadisglobal.com:
Serial Number: 29:9d:21:5a:7c:0e:16:d4:6b:c4:13:f6:79:72:eb:22:0c:ec:c9:2c
https://crt.sh/?id=83114602
Background
QuoVadis
Check the SSL Labs test:
https://www.ssllabs.com/ssltest/analyze.html?d=hmrcset.trustis.com, rate F that
even enabled SSL v2.
Best Regards,
Richard
On 16 Feb 2017, at 19:04, Nick Lamb via dev-security-policy
On Wednesday, 15 February 2017 22:02:50 UTC, Rob Stradling wrote:
> This currently unrevoked cert has a SHA-1/RSA signature, the serverAuth
> EKU and CN=hmrcset.trustis.com:
> https://crt.sh/?id=50773741=cablint
>
> It lacks the SAN extension, but that doesn't excuse it from the ban on
>
5 matches
Mail list logo
