I think that's the security.pki.sha1_enforcement_level pref [1][2].

Regards,
Jonas


[1] https://bugzilla.mozilla.org/show_bug.cgi?id=942515#c35
[2]
https://blog.mozilla.org/security/2016/01/06/man-in-the-middle-interfering-with-increased-security/



Am 16.09.2016 um 16:53 schrieb therickf...@gmail.com:
> Working with a client on "workarounds" for avoiding SHA-1 deprecation on a 
> system they are woefully behind on updating for SHA-256 compatible.  They 
> asked/stated that Chrome & probably Firefox were "configurable" in regards to 
> shutting out the trust for SHA-1 SSL/TLS certs. I'm skeptical as I haven't 
> seen anything like that.   
>
> Is there any configurability in Firefox regarding this (e.g. from a GPO 
> perspective - Windows environment), or is all the SHA-1 deprecation policy 
> embedded in the Firefox code - to be enforced when that update is pushed out 
> (presumably on/around 1/1/17)? Thanks
>
> Rick
> _______________________________________________
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy


Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to