New issue
Advanced search Search tips

Issue 793896 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Dec 2017
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

SHA1 certificate in chain sent by chromium.org servers

Reported by ratnadip...@gmail.com, Dec 11 2017 
Hello,

I just found some minor issue with RSA 2048 bits (SHA1withRSA) in b5s.hackerone-ext-content.com and a4l.hackerone-ext-content.com thru Qualys SSL Labs and wanted to report it.

Proof of Concept

https://www.ssllabs.com/ssltest/analyze.html?d=chromium.org&s=216.239.32.27
Result: SHA1withRSA INSECURE
https://www.ssllabs.com/ssltest/analyze.html?d=chromium.org&s=2001%3a4860%3a4802%3a32%3a0%3a0%3a0%3a1b&latest
Result: SHA1withRSA INSECURE

I hope you will fix this issue.

Cheers,

Comment 1 by elawrence@chromium.org, Dec 11 2017

Status: WontFix (was: Unconfirmed)
Summary: SHA1 certificate in chain sent by chromium.org servers (was: SHA1 Insecure)
Thanks for the note. 

This intermediate certificate is not used for chain building on modern operating systems and SHA-1 certificates are blocked directly by modern browsers. As such, this has no security or functional impact on the security of the connection to the Chromium servers.
Project Member

Comment 2 by sheriffbot@chromium.org, Mar 20 2018

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment