mirror of
https://github.com/mozilla/gecko-dev.git
synced 2025-02-25 20:01:50 +00:00
527bfba679
Previously [0], support for SHA1 signatures in certificates was disabled by default, except for certificates issued by imported roots. Chrome had a similar policy, but this was removed in 71 [1]. Telemetry [2] indicates that some users do still encounter SHA1 signatures at a fraction of the rate of overall certificate errors, so forbidding all SHA1 signatures should have minimal compatibility impact. [0] https://bugzilla.mozilla.org/show_bug.cgi?id=1302140 [1] https://chromeenterprise.google/policies/#EnableSha1ForLocalAnchors [2] https://mzl.la/3kg5J4j Differential Revision: https://phabricator.services.mozilla.com/D144870