Well, now you've made me go and try it.  I couldn't get OpenSSL to use
RSAwithMD2, but it works fine with MD5:

openssl req -x509 -out client-cert.pem -new -newkey rsa:512 -md5 -nodes -keyout client-priv.pem
openssl pkcs12 -export -in client-cert.pem -inkey client-priv.pem -out client.p12

# Preferences > Advanced > Certificates > View Certificates > Your Certificates
# Import the p12
# Configure /etc/hosts to point example.com to 127.0.0.1

openssl req -x509 -out server-cert.pem -new -newkey rsa:2048 -sha256 -nodes -keyout server-priv.pem
openssl s_server -cert server-cert.pem -key server-priv.pem -accept 8080 -www -Verify 0

# Navigate to https://example.com:8080/
# Add an exception for the server cert
# Note that the client cert you just imported is offered in the prompt
# Select the client cert you just imported
# Note that the server accepts the client cert



On Wed, Apr 27, 2016 at 2:25 PM, Peter Bowen <[email protected]> wrote:

> It does to a certain extent.  If I have a certificate that uses a
> 512-bit RSA key and is signed using RSAwithMD2, will Mozilla even
> attempt to use that certificate for client authentication?
>
> On Wed, Apr 27, 2016 at 10:54 AM, Richard Barnes <[email protected]>
> wrote:
> > For client certificates, it doesn't really matter what Mozilla thinks -- it
> > matters what the website thinks when you present the client cert.
> >
> > On Wed, Apr 27, 2016 at 7:48 AM, <[email protected]> wrote:
> >
> >> Hi! I read
> >> "https://blog.mozilla.org/security/2015/10/20/continuing-to-phase-out-sha-1-certificates/"
> >> article but my question is what about Client authentication certificates
> >> that are issued using SHA-1 like Qualified Certificates issued to clients
> >> in order to make client authenticated SSL connection and
> >> sign/encrypt/decrypt documents? Are they going to be valid and until when?
> >> _______________________________________________
> >> dev-security-policy mailing list
> >> [email protected]
> >> https://lists.mozilla.org/listinfo/dev-security-policy
> >>
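
Added example, not part of the original thread: since the thread concludes that the browser will offer a 512-bit, MD5-signed client certificate and that acceptance is the server's decision, this sketch shows a server-side policy check applied to the text form of a presented certificate. The function name, the 2048-bit floor, the weak-digest list and both sample inputs are assumptions constructed for this example.

```shell
#!/bin/sh
# Server-side acceptance policy for a presented client certificate.
# Reads `openssl x509 -noout -text` output on stdin and prints a verdict.
# Assumptions of this example: the 2048-bit RSA floor and the weak-digest list.
MIN_RSA_BITS=2048

cert_policy_verdict() {
    text=$(cat)
    # The first "Signature Algorithm:" line is the one inside the signed data.
    sigalg=$(printf '%s\n' "$text" | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    # Matches "Public-Key: (512 bit)" and the older "RSA Public-Key: (512 bit)".
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    pkalg=$(printf '%s\n' "$text" | sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1)

    if [ -z "$sigalg" ] || [ -z "$bits" ]; then
        echo "reject: unparseable certificate text"; return 1
    fi
    case "$sigalg" in
        md2With*|md4With*|md5With*|sha1With*|ecdsa-with-SHA1)
            echo "reject: weak signature algorithm $sigalg"; return 1 ;;
    esac
    if [ "$pkalg" = "rsaEncryption" ] && [ "$bits" -lt "$MIN_RSA_BITS" ]; then
        echo "reject: RSA key is $bits bits, minimum $MIN_RSA_BITS"; return 1
    fi
    echo "accept"
}

# Constructed sample: trimmed -text output for an rsa:512 -md5 client certificate.
WEAK_CERT_TEXT='Certificate:
    Data:
        Signature Algorithm: md5WithRSAEncryption
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (512 bit)
    Signature Algorithm: md5WithRSAEncryption'

# Constructed sample: trimmed -text output for an rsa:2048 -sha256 certificate.
GOOD_CERT_TEXT='Certificate:
    Data:
        Signature Algorithm: sha256WithRSAEncryption
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
    Signature Algorithm: sha256WithRSAEncryption'

# With a real file: openssl x509 -in client-cert.pem -noout -text | cert_policy_verdict
printf '%s\n' "$WEAK_CERT_TEXT" | cert_policy_verdict || true
printf '%s\n' "$GOOD_CERT_TEXT" | cert_policy_verdict
```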