Open
Bug 1600449
Opened 5 years ago
Updated 2 years ago
Log a warning message when a site uses RSA-PKCS1-SHA1 signature scheme
Categories
(Core :: Security: PSM, task, P3)
Core
Security: PSM
Tracking
()
NEW
People
(Reporter: jan, Unassigned)
References
()
Details
(Keywords: nightly-community, parity-chrome, Whiteboard: [necko-triaged])
Attachments
(1 file)
|
(deleted),
image/png
|
Details |
Screenshot_20191130_163308.png
Open affected website: https://www.daserste.de/ (Probably an ancient F5 load balancer.)
Open Chrome Dev > Devtools > Security
The server signature uses SHA-1, which is obsolete. Enable a SHA-2 signature algorithm instead. (Note this is different from the signature in the certificate.)
Firefox should log a similar warning to establish a deprecation path.
|
Reporter | |
Updated•5 years ago
|
|
||
Comment 1•5 years ago
|
||
Good idea, including a link to MDN (all assuming we officially deprecated it, which I need to read up on). Console just shows Warnings from Network in those cases, so I am moving this bug.
Component: Console → Networking
Product: DevTools → Core
|
|
Reporter | |
Updated•5 years ago
|
|
||
Updated•5 years ago
|
Priority: -- → P3
Whiteboard: [necko-triaged]
|
|
Reporter | |
Updated•3 years ago
|
Component: Networking → Security: PSM
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•