[2017-03-01 11:21] benjaminpill--- via dev-security-policy:
> so why is Firefox complaining with this error message:
>
> SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED
Check the about:config setting "security.pki.sha1_enforcement_level".
Valid values currently range from 0 to 4, with the following meanings:
> enum class SHA1Mode {
> Allowed = 0,
> Forbidden = 1,
> // There used to be a policy that only allowed SHA1 for certificates
> issued
> // before 2016. This is no longer available. If a user has selected this
> // policy in about:config, it now maps to Forbidden.
> UsedToBeBefore2016ButNowIsForbidden = 2,
> ImportedRoot = 3,
> ImportedRootOrBefore2016 = 4,
> };
Source:
https://dxr.mozilla.org/mozilla-central/source/security/certverifier/CertVerifier.h#164
You'll probably want either value 3 or value 4.
regards
Pascal
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
