konklone / shaaaaaaaaaaaaa

Check if a website has weak SHA-1 TLS certificates.
https://shaaaaaaaaaaaaa.com
BSD 3-Clause "New" or "Revised" License

Suggest replacements of SHA-1 intermediate certs with known SHA-2 certs #55

Closed jonnybarnes closed 10 years ago

jonnybarnes commented 10 years ago

So as more information becomes available from issue #24, we can add more certs to the fingerprints.json file.

Essentially, I think this works, but @konklone should probably go over the code. Also, I've added a simple check to only run the .sha2URL method when we aren't looking at a root certificate. Could probably make that check step even better, as we wouldn't need to run the method on the site's actual certificate.

konklone commented 10 years ago

I did a bit of refactoring of the data and code, and added a test using penflip.com, which has a StartSSL SHA-1 intermediate whose replacement we know of.

Thanks for making this happen, @jonnybarnes! =)