On Thursday, May 19, 2016 at 9:09:58 AM UTC-7, [email protected] wrote: > Could you confirm the dates from which FF will be rejecting SHA-1 SSL > certificates (regardless of when they were issued)
Hi Ajuram, I can't speak for Richard, but I do not believe there is a firm date for rejecting all SHA-1 certs yet: The plan is still Q1 2017. I don't imagine we'd move earlier than that unless new research on SHA-1 collisions prompts it. J.C. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
