On Fri, Oct 14, 2016 at 05:15:48PM +0200, Hubert Kario wrote:
> On Friday, 14 October 2016 14:34:49 CEST Kazuho Oku wrote:
> > Considering that, to me it seems preferable if the draft stated that
> > both PKCS1 and SHA1 are obsoleted, and are allowed to be only used in
> > certificates. Or is there any need to handle PKCS1 and SHA1
> > differently in protocol implementations?
> There isn't; the only case is when you also implement TLSv1.2.
> A pure TLSv1.3 implementation shouldn't ever generate messages or try to verify
> messages signed with SHA-1 (or MD5 for that matter).
Unfortunately while one sees less and less use of SHA-1 as certificates
expire, there still is use of SHA-1 in OCSP. The only place where my
TLS library uses SHA-1 is with OCSP.
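The rule discussed above, in code: an added example (not from any poster or any TLS library) that parses a TLS 1.3 signature_algorithms extension body and keeps the legacy RSA PKCS#1 and SHA-1 schemes only when the context is certificate signatures, never for CertificateVerify. Code points are the SignatureScheme values from RFC 8446 section 4.2.3; the sample extension body is constructed.

```python
import struct

# TLS 1.3 SignatureScheme code points (RFC 8446, section 4.2.3).
SIGNATURE_SCHEMES = {
    0x0201: "rsa_pkcs1_sha1",         # legacy: certificates only
    0x0203: "ecdsa_sha1",             # legacy: certificates only
    0x0401: "rsa_pkcs1_sha256",       # PKCS#1 v1.5: certificates only
    0x0501: "rsa_pkcs1_sha384",
    0x0601: "rsa_pkcs1_sha512",
    0x0403: "ecdsa_secp256r1_sha256",
    0x0503: "ecdsa_secp384r1_sha384",
    0x0603: "ecdsa_secp521r1_sha512",
    0x0804: "rsa_pss_rsae_sha256",
    0x0805: "rsa_pss_rsae_sha384",
    0x0806: "rsa_pss_rsae_sha512",
    0x0807: "ed25519",
    0x0808: "ed448",
    0x0809: "rsa_pss_pss_sha256",
    0x080A: "rsa_pss_pss_sha384",
    0x080B: "rsa_pss_pss_sha512",
}


def parse_signature_algorithms(body: bytes) -> list:
    """Parse the extension body: uint16 list length, then uint16 code points."""
    if len(body) < 2:
        raise ValueError("truncated signature_algorithms extension")
    (length,) = struct.unpack("!H", body[:2])
    if length == 0 or length % 2 or len(body) != 2 + length:
        raise ValueError("malformed signature_algorithms list")
    return list(struct.unpack("!%dH" % (length // 2), body[2:]))


def allowed_for(scheme: int, context: str) -> bool:
    """context is 'handshake' (CertificateVerify) or 'cert' (certificate signatures)."""
    name = SIGNATURE_SCHEMES.get(scheme)
    if name is None:
        return False  # unknown code points are skipped, never honoured
    if name.endswith("sha1") or name.startswith("rsa_pkcs1"):
        # Legacy schemes: usable only for signatures inside certificates.
        return context == "cert"
    return True


def usable_schemes(body: bytes, context: str) -> list:
    """Return the names of the peer's schemes a pure TLS 1.3 stack may use in this context."""
    return [SIGNATURE_SCHEMES[s] for s in parse_signature_algorithms(body)
            if allowed_for(s, context)]


# Constructed sample: peer offers PSS, ECDSA P-256, PKCS#1/SHA-256, PKCS#1/SHA-1, and an unknown value.
SAMPLE_BODY = bytes.fromhex("000a" "0804" "0403" "0401" "0201" "ffff")
```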