@lbutlr wrote on Wed 23-10-2019 at 07:48 [-0600]:

On 23 Oct 2019, at 03:49, Wouter Verhelst <wouter.verhe...@zetes.com> wrote:

I know that SHA1 is insecure these days, but I have no control over the 
algorithms used in this particular CA, and I need to be able to use it.


This is a case of pushing back to get the incompetent CA to update. Even if you 
manage to get Apache to do this, the browsers will balk at it.


The browser has nothing to do with it -- it doesn't even need to validate the 
certificate, only to build a chain.

Even so, while a preimage attack is indeed possible against SHA1 today, that 
does not mean that existing certificates, issued before the publication of that 
preimage attack, are now suddenly invalid. The (several millions of) deployed 
client certificates that I'm dealing with are all (much) older than that. New 
certificates use SHA256, but replacing the ones in the field is not a quick 
operation. Meanwhile, they still need to be used. Hence.


Anyone have any idea if it's possible to relax the requirements for client CAs 
somehow?


I don’t think so, it’s been deprecated for several years and breakable for 
several more.


Chrome dropped support in 2016, possibly early 2017 (Chrome 54 comes to mind)?

Please note that I said "client certificates". While what you say is true for 
server certificates, when I tried this out about two years ago, browsers would 
still allow authentication with client certificates that were signed with MD5 
(!)


Safari dropped any support for SHA1 this year.


Which is plenty late, but beside the point.
