On Thu, Mar 10, 2011 at 01:07, Petr Pisar ppisar@redhat.com wrote:
On 2011-03-10, Stephen Smoogen smooge@gmail.com wrote:
We have already updated fedorahosted.org and will now be updating the cert for the main site: fedoraproject.org.
The old certificate came from Equifax, was a 1024 bit key and had the fingerprint:
[...]
The new certificate is issued by GeoTrust, Inc and is a 4096 bit key with the fingerprint:
Key length is not everything. Didn't you forget to upgrade hash algorithm? Sticking on SHA-1 that's been abandoned by ETSI and other authorities does not look most safely.
From my research to use the SHA-2 in TLS requires the user and server
to be both able to talk TLS-1.2. From what I found at wikipedia (http://en.wikipedia.org/wiki/Transport_Layer_Security) Firefox does not support 1.2 (only Opera and IE8 do).
-- Petr
-- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel