Hi.
I got to understand the differences and limitations.

A personal certificate signed by a CA with SHA256 is OK in current Firefox.

The CertificateVerify step of the SSL handshake procedure does not support
SHA256 in current Firefox.

Right?

Regards.
Mountie.

On Sat, Mar 20, 2010 at 10:53 AM, Wan-Teh Chang <w...@google.com> wrote:

> On Fri, Mar 19, 2010 at 6:50 PM, Wan-Teh Chang <w...@google.com> wrote:
> > 2010/3/19 Mountie Lee <moun...@paygate.net>:
> >> Hi.
> >> SHA256 certificate means
> >> a client certificate using SHA256 for SSL client authentication.
> >
> > If you mean the signature in the TLS/SSL CertificateVerify message,
> > then only TLS 1.2 allows you to use a SHA-256 signature, and NSS
> > doesn't support TLS 1.2 yet.
>
> I should clarify that NSS can still use a client certificate signed by
> its CA with a SHA-256 signature to do SSL client authentication.
> It's just that the signature in the CertificateVerify message will be
> in the format specified in TLS 1.0/SSL 3.0.
>
> Wan-Teh
> --
> dev-tech-crypto mailing list
> dev-tech-crypto@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-crypto
>



-- 
Mountie Lee

Tel : +82 2 2140 2700
E-Mail : moun...@paygate.net
Twitter : mountielee

=======================================
PayGate Inc.
* WEB STANDARD PAYMENT
* PCI DSS 100% COMPLIANT
* www.paygate.net 
* payg...@paygate.net
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
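
The distinction discussed in this thread, as an added example that is not part of the original messages and is not NSS code: for an RSA client key, it builds the data that is signed in CertificateVerify under TLS 1.0/1.1 and under TLS 1.2 with SHA-256, and shows that the algorithm the CA used to sign the client certificate does not affect it. The function name, constants and sample transcript are assumptions made for illustration; SSL 3.0, which also mixes the master secret and pads into the hashes, is not covered.

```python
import hashlib

# DER-encoded DigestInfo header for SHA-256 (PKCS #1 v1.5, RFC 8017 section 9.2).
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

TLS_1_0, TLS_1_1, TLS_1_2 = (3, 1), (3, 2), (3, 3)


def certificate_verify_rsa_input(version, handshake_messages, cert_sig_alg):
    """Return (algorithm_bytes, block) for an RSA client key.

    block is the data placed in the PKCS #1 v1.5 type-1 block and signed with
    the client's private key. cert_sig_alg (how the CA signed the client
    certificate) is accepted only to show that it plays no part here.
    """
    if version in (TLS_1_0, TLS_1_1):
        # RFC 2246 / RFC 4346: MD5 || SHA-1 of the handshake transcript,
        # 36 bytes, no DigestInfo wrapper and no algorithm identifier.
        block = (hashlib.md5(handshake_messages).digest()
                 + hashlib.sha1(handshake_messages).digest())
        return b"", block
    if version == TLS_1_2:
        # RFC 5246: the hash is negotiable; SHA-256 with RSA is sent as
        # SignatureAndHashAlgorithm {hash=4 (sha256), signature=1 (rsa)}.
        digest = hashlib.sha256(handshake_messages).digest()
        return b"\x04\x01", SHA256_DIGESTINFO_PREFIX + digest
    raise ValueError("version not covered by this example: %r" % (version,))


if __name__ == "__main__":
    transcript = b"constructed-handshake-transcript"  # constructed sample bytes
    for cert_alg in ("sha1WithRSAEncryption", "sha256WithRSAEncryption"):
        for ver in (TLS_1_0, TLS_1_2):
            alg, block = certificate_verify_rsa_input(ver, transcript, cert_alg)
            print(cert_alg, ver, alg.hex() or "-", len(block))
```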
