Cahoot's cert

Adrian Midgley amidgley at gmail.com
Thu May 7 13:10:43 BST 2015


TLS 1

On Thu, 7 May 2015 11:37 Jon Ribbens <jon+ukcrypto at unequivocal.co.uk> wrote:

> On Wed, May 06, 2015 at 11:48:06PM +0100, Melanie Dymond Harper wrote:
> > > From: Jon Ribbens <jon+ukcrypto at unequivocal.co.uk>
> > > The Chrome alert is because the certificate is using an SHA1 hash,
> > > and as of fairly recently, Chrome has started to complain mildly about
> > > this because it is considered weak but it is not completely broken.
> >
> > For once Chrome isn't complaining about this aspect, because while it is
> > an SHA-1 cert, it expires in 2015 and thus isn't covered by Chrome's
> > complaints about such certs -- they are distrusting SHA-1 certs (or
> > certs involving a SHA-1 intermediate in their chain) which expire on or
> > after 1/1/2016. This time it's complaining about something
> > algorithm/cipher related, and I really wish they would be more explicit
> > about exactly what the problem was in each case; I have spent a significant
> > amount of support time dealing with this sort of question lately...
>
> For securebank.cahoot.com, the certificate expires 14th May 2016 so
> SHA1 *is* what Chrome is complaining about. For www.cahoot.com, the
> cryptography is particularly rubbish given that it's using MD5 and
> RC4, but as you say the expiry is in 2015 and what Chrome is actually
> complaining about is that the page mixes content from http and https
> sources.
>
>