Re: CloudFlare Issuing SHA-1 SSL Certificates

2017-04-16 Thread Nick Lamb via dev-security-policy
On Saturday, 15 April 2017 13:59:18 UTC+1, Samuel Pinder wrote:
> Quite an interesting workaround to support older
> software, it's not exactly encouraging since SHA-1 collisions are now
> possible. I would expect that CloudFlare operate this solution on the
> condition that their customers are

Re: CloudFlare Issuing SHA-1 SSL Certificates

2017-04-15 Thread Samuel Pinder via dev-security-policy
It looks like "CloudFlare Inc Compatibility CA-3" chains back to the "GTE CyberTrust Global Root" (see https://crt.sh/?caid=34007 ) The "GTE CyberTrust Global Root" is an old 1024 bit root that was removed from NSS two years ago (see https://bugzilla.mozilla.org/show_bug.cgi?id=1047011 ), and

CloudFlare Issuing SHA-1 SSL Certificates

2017-04-15 Thread James Burton via dev-security-policy
CloudFlare has been issuing SHA-1 SSL Certificates from CloudFlare Inc Compatibility CA-3 which is a BR violation.
See: https://crt.sh/?CN=%25=34007
Thank you
James Burton