Once upon a time, Petr Pisar ppisar@redhat.com said:
This year? In Europe we are over. All quallified CA's are forbiden to issue SHA-1 certificates since begin of 2010.
Cite? https://europa.eu/ uses SHA-1 on a cert issued in February 2010. Of course, they also haven't disabled the weak SSL ciphers, so it's hard to claim high security.