Hi. I got to understand the differences and limitations. personal certificate signed by CA with SHA256 is OK in current firefox.
the CertificateVerify step of SSL handshaking procedure does not support SHA256 in current firefox. right? regards. mountie. On Sat, Mar 20, 2010 at 10:53 AM, Wan-Teh Chang <[email protected]> wrote: > On Fri, Mar 19, 2010 at 6:50 PM, Wan-Teh Chang <[email protected]> wrote: > > 2010/3/19 Mountie Lee <[email protected]>: > >> Hi. > >> sha256 certificate means > >> client certificate using sha256 for ssl client authentication. > > > > If you mean the signature in the TLS/SSL CertificateVerify message, > > then only TLS 1.2 allows you to use a SHA-256 signature, and NSS > > doesn't support TLS 1.2 yet. > > I should clarify that NSS can still use a client certificate signed by > its CA with a SHA-256 signature to do SSL client authentication. > It's just that the signature in the CertificateVerify message will be > the format specified in TLS 1.0/SSL 3.0. > > Wan-Teh > -- > dev-tech-crypto mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-tech-crypto > -- Mountie Lee Tel : +82 2 2140 2700 E-Mail : [email protected] Twitter : mountielee ======================================= PayGate Inc. * WEB STANDARD PAYMENT * PCI DSS 100% COMPLIANT * www.paygate.net * [email protected]
-- dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
