It does to a certain extent. If I have a certificate that uses a 512-bit RSA key and is signed using RSAwithMD2, will Mozilla even attempt to use that certificate for client authentication?
On Wed, Apr 27, 2016 at 10:54 AM, Richard Barnes <[email protected]> wrote: > For client certificates, it doesn't really matter what Mozilla thinks -- it > matters what the website thinks when you present the client cert. > > On Wed, Apr 27, 2016 at 7:48 AM, <[email protected]> wrote: > >> Hi ! I read " >> https://blog.mozilla.org/security/2015/10/20/continuing-to-phase-out-sha-1-certificates/"; >> article but my question is what about Client authentication certificates >> that are issued using SHA-1 like Qualified Certificates issued to clients >> in order to make client authenticated SSL connection and >> sign/encrypt/decrypt documents? Are they going to be valid and until when ? >> _______________________________________________ >> dev-security-policy mailing list >> [email protected] >> https://lists.mozilla.org/listinfo/dev-security-policy >> > _______________________________________________ > dev-security-policy mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
