[tor-bugs] #18042 [Tor Browser]: Make sure certificates signed with SHA-1 are not accepted anymore in ESR 45
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jan 12 13:46:40 UTC 2016
#18042: Make sure certificates signed with SHA-1 are not accepted anymore in ESR 45
-----------------------------+------------------------------------
Reporter: gk | Owner: tbb-team
Type: task | Status: new
Priority: High | Milestone:
Component: Tor Browser | Version:
Severity: Major | Keywords: tbb-security, ff45-esr
Actual Points: | Parent ID:
Points: | Sponsor:
-----------------------------+------------------------------------
MOzilla released Firefox 43 which did not accept SHA-1 signed certificates
anymore. However, this apparently broke some MITM boxes
(https://blog.mozilla.org/security/2016/01/06/man-in-the-middle-
interfering-with-increased-security/) and they released a point update
reverting this change.
We don't want to have this security feature reverted and should make sure
our ESR 45 based code is rejecting SHA-1 signed certificates as expected.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18042>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list