Let's Encrypt is currently considering moving away from using SHA1 as the issuer subject/public key hashing function in OCSP responses and using SHA256 instead. Given a little investigation this seems like a safe move to make but we wanted to check with the community to see if anyone was aware of legacy (or contemporary) software issues that may cause us any trouble.
Thanks, Roland _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
