Contact
[email protected]

Explainer
None

Specification
https://www.rfc-editor.org/rfc/rfc9155.html

Summary
Chrome is removing support for signature algorithms using SHA-1 for server signatures during the TLS handshake. This does not affect SHA-1 support in server certificates, which was already removed, or in client certificates, which continues to be supported.

Blink component
Internals>Network>SSL <https://bugs.chromium.org/p/chromium/issues/list?q=component:Internals%3ENetwork%3ESSL>

Motivation
SHA1 has known collisions, and while difficult to exploit in practice, should be avoided. Removing SHA1 support from server signatures removes the ability for a future attacker to exploit some sort of collision in SHA1 to impersonate a server. The use of SHA1 in TLS has already been deprecated by the IETF in RFC 9155.

This does not affect client certificates. The decision of whether or not to accept SHA1 in client certificates can be made by server operators who have deployed mTLS.

Initial public proposal

Search tags
tls <https://chromestatus.com/features#tags:tls>, ssl <https://chromestatus.com/features#tags:ssl>, sha1 <https://chromestatus.com/features#tags:sha1>

TAG review

TAG review status
Not applicable

Risks

Interoperability and Compatibility

*Gecko*: No signal

*WebKit*: No signal

*Web developers*: No signals

*Other signals*:

WebView application risks
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?

Debuggability

Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?
No

Flag name

Requires code in //chrome?
False

Tracking bug
https://bugs.chromium.org/p/chromium/issues/detail?id=658905

Launch bug
https://launch.corp.google.com/launch/4233200

Estimated milestones
No milestones specified

Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/4832850040324096

This intent message was generated by Chrome Platform Status <https://chromestatus.com/>.
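
Added example, not part of the original message or of Chromium's code: in TLS 1.2 the server's chosen signature algorithm travels as a two-byte field in the ServerKeyExchange message, and this Python parser extracts it from an ECDHE ServerKeyExchange and flags the SHA-1 code points. It assumes the message sits alone and unfragmented in one record; `build_sample` and its dummy key and signature bytes are constructed for illustration.

```python
import struct

# TLS signature code points whose hash is SHA-1 (hash byte 0x02, RFC 5246 / RFC 8446).
SHA1_SCHEMES = {0x0201: "rsa_pkcs1_sha1", 0x0202: "dsa_sha1", 0x0203: "ecdsa_sha1"}

def server_signature_scheme(record: bytes) -> int:
    """Return the 2-byte signature scheme from a TLS 1.2 ECDHE ServerKeyExchange record."""
    if len(record) < 5:
        raise ValueError("record header truncated")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 22 or len(record) < 5 + rec_len:   # 22 = handshake
        raise ValueError("not a complete handshake record")
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 12:                 # 12 = server_key_exchange
        raise ValueError("not a ServerKeyExchange message")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    if len(body) < 4 or body[0] != 3:              # 3 = named_curve
        raise ValueError("only ECDHE named_curve parameters are handled")
    off = 4 + body[3]  # skip curve_type, named_curve and the length-prefixed public point
    if len(body) < off + 4:
        raise ValueError("truncated before the signature")
    scheme, sig_len = struct.unpack("!HH", body[off:off + 4])
    if len(body) != off + 4 + sig_len:
        raise ValueError("signature length mismatch")
    return scheme

def uses_sha1(record: bytes) -> bool:
    """True when the server signed its key exchange with a SHA-1 based algorithm."""
    return server_signature_scheme(record) in SHA1_SCHEMES

def build_sample(scheme: int) -> bytes:
    """Constructed sample: x25519 (0x001d), dummy 32-byte key, dummy 8-byte signature."""
    body = b"\x03" + struct.pack("!H", 0x001D) + b"\x20" + bytes(32)
    body += struct.pack("!HH", scheme, 8) + bytes(8)
    hs = b"\x0c" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 22, 0x0303, len(hs)) + hs

if __name__ == "__main__":
    # 0x0201 rsa_pkcs1_sha1, 0x0403 ecdsa_secp256r1_sha256, 0x0804 rsa_pss_rsae_sha256
    for s in (0x0201, 0x0403, 0x0804):
        verdict = "SHA-1 server signature" if uses_sha1(build_sample(s)) else "ok"
        print(f"{s:#06x}: {verdict}")
```
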
