Working with a client on "workarounds" for avoiding SHA-1 deprecation on a 
system they are woefully behind on updating for SHA-256 compatible.  They 
asked/stated that Chrome & probably Firefox were "configurable" in regards to 
shutting out the trust for SHA-1 SSL/TLS certs. I'm skeptical as I haven't seen 
anything like that.   

Is there any configurability in Firefox regarding this (e.g. from a GPO 
perspective - Windows environment), or is all the SHA-1 deprecation policy 
embedded in the Firefox code - to be enforced when that update is pushed out 
(presumably on/around 1/1/17)? Thanks

dev-security-policy mailing list

Reply via email to