Melanie Dymond Harper
mel at herald.co.uk
Wed May 6 23:48:06 BST 2015
> From: Jon Ribbens <jon+ukcrypto at unequivocal.co.uk>
> The Chrome alert is because the certificate is using an SHA1 hash,
> and as of fairly recently, Chrome has started to complain mildly about
> this because it is considered weak but it is not completely broken.
For once Chrome isn't complaining about this aspect, because while it is
an SHA-1 cert, it expires in 2015 and thus isn't covered by Chrome's
complaints about such certs -- they are distrusting SHA-1 certs (or
certs involving a SHA-1 intermediate in their chain) which expire on or
after 1/1/2016. This time it's complaining about something
algorithm/cipher related, and I really wish they would be more explicit
about exactly the problem was in each case; I have spent a significant
amount of support time dealing with this sort of question lately...
More information about the ukcrypto