Working with a client on "workarounds" for avoiding SHA-1 deprecation on a system they are woefully behind on updating for SHA-256 compatible. They asked/stated that Chrome & probably Firefox were "configurable" in regards to shutting out the trust for SHA-1 SSL/TLS certs. I'm skeptical as I haven't seen anything like that.
Is there any configurability in Firefox regarding this (e.g. from a GPO perspective - Windows environment), or is all the SHA-1 deprecation policy embedded in the Firefox code - to be enforced when that update is pushed out (presumably on/around 1/1/17)? Thanks Rick _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
