Open briansmith opened 7 years ago
RSA_PKCS1_2048_8192_SHA1
According to the Chromium developers, it isn't fully web-compatible to remove support for RSA with SHA-1 signatures for TLS 1.2 ServerKeyExchange messages, so I'm going to keep RSA_PKCS1_2048_8192_SHA1 for now. We should add some documentation about how to use it: In particular, it shouldn't be passed as an acceptable certificate signature algorithm, but it may be necessary to pass it to EndEntityCert::verify_signature as an acceptable algorithm if maximum web compatibility is necessary.
However, also according to them, it is web-compatible to remove support for ECDSA-SHA1 and ECDSA-SHA512 signatures, and I've done that for 0.6.0 in these commits:
We still also may remove RSA_PKCS1_2048_8192_SHA1 completely, depending on what our own compatibility testing shows.
c26bca470080a0aa003d8de7099dba031a806cb1 is related to this: It removes support for a legacy RSA-SHA1 algorithm identifier.
Remove the following signature algorithms:
Mozilla, Microsoft, and Google are all planning to turn off SHA-1 support on 2017-1-1 or 2017-2-1. It seems unlikely that anybody using webpki is going to need to support SHA-1 even as of now, so I propose we remove them now.