Cahoot's cert

Melanie Dymond Harper mel at
Wed May 6 23:48:06 BST 2015

> From: Jon Ribbens <jon+ukcrypto at>
> The Chrome alert is because the certificate is using an SHA1 hash,
> and as of fairly recently, Chrome has started to complain mildly about
> this because it is considered weak but it is not completely broken.

For once Chrome isn't complaining about this aspect, because while it is 
an SHA-1 cert, it expires in 2015 and thus isn't covered by Chrome's 
complaints about such certs -- they are distrusting SHA-1 certs (or 
certs involving a SHA-1 intermediate in their chain) which expire on or 
after 1/1/2016. This time it's complaining about something 
algorithm/cipher related, and I really wish they would be more explicit 
about exactly the problem was in each case; I have spent a significant 
amount of support time dealing with this sort of question lately...



More information about the ukcrypto mailing list