briansmith / webpki

WebPKI X.509 Certificate Validation in Rust
https://briansmith.org/rustdoc/webpki/

Remove SHA-1 support #21

Open briansmith opened 7 years ago

briansmith commented 7 years ago

Remove the following signature algorithms:

Mozilla, Microsoft, and Google are all planning to turn off SHA-1 support on 2017-1-1 or 2017-2-1. It seems unlikely that anybody using webpki is going to need to support SHA-1 even as of now, so I propose we remove them now.

briansmith commented 7 years ago

RSA_PKCS1_2048_8192_SHA1

According to the Chromium developers, it isn't fully web-compatible to remove support for RSA with SHA-1 signatures for TLS 1.2 ServerKeyExchange messages, so I'm going to keep RSA_PKCS1_2048_8192_SHA1 for now. We should add some documentation about how to use it: In particular, it shouldn't be passed as an acceptable certificate signature algorithm, but it may be necessary to pass it to EndEntityCert::verify_signature as an acceptable algorithm if maximum web compatibility is necessary.

However, also according to them, it is web-compatible to remove support for ECDSA-SHA1 and ECDSA-SHA512 signatures, and I've done that for 0.6.0 in these commits:

We still also may remove RSA_PKCS1_2048_8192_SHA1 completely, depending on what our own compatibility testing shows.
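A self-contained illustration of the two-list policy described in the comment above, added here as an example; it is not webpki's code. It parses a DER AlgorithmIdentifier, maps the OID to an algorithm, and then accepts RSA-SHA1 only for a ServerKeyExchange signature when the caller has opted into maximum web compatibility, never for a certificate signature. All type and function names (SigAlg, Context, check_sig_alg, parse_alg_id) are invented for the illustration, and the sample AlgorithmIdentifier bytes are constructed from the standard OIDs.

```rust
// Added example, not webpki code. Names and sample bytes are invented/constructed.

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum SigAlg {
    RsaPkcs1Sha1,
    RsaPkcs1Sha256,
    EcdsaSha256,
}

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Context {
    /// Signature on a certificate in the chain: RSA-SHA1 is never accepted.
    Certificate,
    /// Signature on a TLS 1.2 ServerKeyExchange: RSA-SHA1 only if opted in.
    ServerKeyExchange { max_web_compat: bool },
}

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Error {
    BadDer,
    UnsupportedSignatureAlgorithm,
}

// OID contents (tag and length stripped).
const OID_SHA1_WITH_RSA: &[u8] = &[0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05]; // 1.2.840.113549.1.1.5
const OID_SHA256_WITH_RSA: &[u8] = &[0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b]; // 1.2.840.113549.1.1.11
const OID_ECDSA_WITH_SHA256: &[u8] = &[0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02]; // 1.2.840.10045.4.3.2
const NULL_PARAMS: &[u8] = &[0x05, 0x00];

// Constructed sample AlgorithmIdentifiers (SEQUENCE { OID, parameters }).
pub const SAMPLE_SHA1_RSA: &[u8] = &[
    0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00,
];
pub const SAMPLE_SHA256_RSA: &[u8] = &[
    0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00,
];
pub const SAMPLE_ECDSA_SHA256: &[u8] = &[
    0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02,
];

/// Split one DER TLV with a short-form length (< 128) off the front of `input`.
/// Returns (content, remaining input).
fn read_tlv(input: &[u8], expected_tag: u8) -> Result<(&[u8], &[u8]), Error> {
    if input.len() < 2 || input[0] != expected_tag || input[1] >= 0x80 {
        return Err(Error::BadDer);
    }
    let len = input[1] as usize;
    if input.len() < 2 + len {
        return Err(Error::BadDer);
    }
    Ok((&input[2..2 + len], &input[2 + len..]))
}

/// Parse `AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY OPTIONAL }`.
/// PKCS#1 RSA identifiers must carry NULL parameters; ECDSA ones must carry none.
pub fn parse_alg_id(der: &[u8]) -> Result<SigAlg, Error> {
    let (seq, rest) = read_tlv(der, 0x30)?;
    if !rest.is_empty() {
        return Err(Error::BadDer); // trailing bytes after the SEQUENCE
    }
    let (oid, params) = read_tlv(seq, 0x06)?;
    if oid == OID_SHA1_WITH_RSA || oid == OID_SHA256_WITH_RSA {
        if params != NULL_PARAMS {
            return Err(Error::BadDer);
        }
        Ok(if oid == OID_SHA1_WITH_RSA { SigAlg::RsaPkcs1Sha1 } else { SigAlg::RsaPkcs1Sha256 })
    } else if oid == OID_ECDSA_WITH_SHA256 {
        if !params.is_empty() {
            return Err(Error::BadDer);
        }
        Ok(SigAlg::EcdsaSha256)
    } else {
        Err(Error::UnsupportedSignatureAlgorithm)
    }
}

/// Decide whether the algorithm named by `der` is acceptable in `ctx`.
pub fn check_sig_alg(der: &[u8], ctx: Context) -> Result<SigAlg, Error> {
    let alg = parse_alg_id(der)?;
    let allowed = match (alg, ctx) {
        // Never for certificate signatures ...
        (SigAlg::RsaPkcs1Sha1, Context::Certificate) => false,
        // ... and for ServerKeyExchange only under the compatibility opt-in.
        (SigAlg::RsaPkcs1Sha1, Context::ServerKeyExchange { max_web_compat }) => max_web_compat,
        _ => true,
    };
    if allowed { Ok(alg) } else { Err(Error::UnsupportedSignatureAlgorithm) }
}

fn main() {
    println!("cert, RSA-SHA1: {:?}", check_sig_alg(SAMPLE_SHA1_RSA, Context::Certificate));
    println!(
        "SKE with compat, RSA-SHA1: {:?}",
        check_sig_alg(SAMPLE_SHA1_RSA, Context::ServerKeyExchange { max_web_compat: true })
    );
}
```

The same identifier is rejected on the certificate path and accepted on the ServerKeyExchange path only when the caller opts in, which is the split the comment above describes: with webpki itself this corresponds to leaving RSA_PKCS1_2048_8192_SHA1 out of the algorithm list used for certificate-chain verification and passing it only to EndEntityCert::verify_signature when maximum web compatibility is required.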

briansmith commented 7 years ago

c26bca470080a0aa003d8de7099dba031a806cb1 is related to this: It removes support for a legacy RSA-SHA1 algorithm identifier.