On 24/01/17 15:48, Gervase Markham wrote: > That's because it chains up to the following two roots: > > 1) OU=Class 3 Public Primary Certification Authority > https://crt.sh/?caid=25
This root had its SSL bits disabled around June 2014: https://bugzilla.mozilla.org/show_bug.cgi?id=986005 https://bugzilla.mozilla.org/show_bug.cgi?id=1021967 > 2) OU=Class 3 Public Primary Certification Authority - G2 > https://crt.sh/?caid=963 This root had its SSL bits disabled in Firefox 36, released in Feb 2015: https://bugzilla.mozilla.org/show_bug.cgi?id=986014 So there is no problem from Mozilla's perspective with SHA-1 certificates issued from "Symantec Private SSL SHA1 CA". Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
