It looks like "CloudFlare Inc Compatibility CA-3" chains back to the "GTE CyberTrust Global Root" (see https://crt.sh/?caid=34007 ). The "GTE CyberTrust Global Root" is an old 1024-bit root that was removed from NSS two years ago (see https://bugzilla.mozilla.org/show_bug.cgi?id=1047011 ), and therefore any certificates that chain to it no longer come under more modern policies (provided that it has also been removed from other browser root stores too, but that's outside the scope here).

The reason they do this is because the old root is still present in older software that is only compatible with SHA-1, and has not expired yet. This allows CloudFlare to present an SHA-1 certificate to older browsers and clients that have not been updated (and still have older versions of root stores), while presenting compliant SHA-2 certificates to modern browsers.

Quite an interesting workaround to support older software, but it's not exactly encouraging since SHA-1 collisions are now possible. I would expect that CloudFlare operate this solution on the condition that their customers are made aware of the risks, at the very least. While it certainly is against the BRs, there is nothing to stop people running older software; the only sanction possible is removing the root from current software, which is already done.

Samuel Pinder

On Sat, Apr 15, 2017 at 12:10 PM, James Burton via dev-security-policy <[email protected]> wrote:

> CloudFlare has been issuing SHA-1 SSL Certificates from CloudFlare Inc
> Compatibility CA-3 which is a BR violation. See:
> https://crt.sh/?CN=%25&iCAID=34007
>
> Thank you
>
> James Burton
> _______________________________________________
> dev-security-policy mailing list
> [email protected]
> https://lists.mozilla.org/listinfo/dev-security-policy

