On 2011-03-10, Robert Relyea rrelyea@redhat.com wrote:
SHA-1 is also used in the certificate. That, in theory, doesn't require TLS 1.2, though only TLS 1.2 includes protocol to tell servers what hashing algorithms the clients support, so in a strict sense only TLS tells you whether or not it's safe to use a cert with something other than SHA-1 or MD5. Most modern browsers will support SHA-2 algorithms in the certificate (even when using SSL3, to TLS 1.x). The notable exceptions are versions of Windows older than Windows XP service patch 3, and several older phones.
That's the hash usage I referred to. I was amazed the certificate signature algorithm is RSAwithSHA1. As was said, this does not depend on the TLS version.
Many CAs are apparently starting to move to SHA-256 roots this year, mostly driven by NIST standards.
This year? In Europe we are over. All qualified CAs are forbidden to issue SHA-1 certificates since the beginning of 2010.
-- Petr