Date: Wed, 31 Mar 2021 13:02:21 +0200 From: Christoph Moench-Tegeder <cmt@burggraben.net> To: freebsd-current@freebsd.org Subject: Re: Blacklisted certificates Message-ID: <YGRWvWRP0DifBj%2Bm@elch.exwg.net> In-Reply-To: <a201a652-cd77-17a7-03a5-2715920d1d3e@FreeBSD.org> References: <a201a652-cd77-17a7-03a5-2715920d1d3e@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
## Jochen Neumeister (joneum@FreeBSD.org): > Why are this certificates blacklisted? Various reasons: - Symantec (which owned Thawte and VeriSign back in the time) made the news in a bad way: https://www.theregister.com/2017/09/12/chrome_66_to_reject_symantec_certs/ - some certificates are simply expired - some certificates use SHA-1 ("sha1WithRSAEncryption") which is beyond deprecated - and basically "whatever Mozilla did", as the certificates are imported from NSS. Regards, Christoph -- Spare Space
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?YGRWvWRP0DifBj%2Bm>