On Saturday, 15 April 2017 13:59:18 UTC+1, Samuel Pinder wrote:
> Quite an interesting workaround to support older
> software, it's not exactly encouraging since SHA-1 collisions are now
> possible. I would expect that CloudFlare operate this solution on the
> condition that their customers are ma
It looks like "CloudFlare Inc Compatibility CA-3" chains back to the
"GTE CyberTrust Global Root" (see https://crt.sh/?caid=34007 )
The "GTE CyberTrust Global Root" is an old 1024 bit root that was
removed from NSS two years ago (see
https://bugzilla.mozilla.org/show_bug.cgi?id=1047011 ), and there
CloudFlare has been issuing SHA-1 SSL Certificates from CloudFlare Inc
Compatibility CA-3 which is BR violation. See:
https://crt.sh/?CN=%25&iCAID=34007
Thank you
James Burton
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
3 matches
Mail list logo