rfc:distrust-sha1-certificates

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
rfc:distrust-sha1-certificates [2017/05/29 10:55]
kelunik fix typo
rfc:distrust-sha1-certificates [2017/09/22 13:28] (current)
Line 22: Line 22:
 ===== Backward Incompatible Changes ===== ===== Backward Incompatible Changes =====
  
-MD5 certificates won'any longer be accepted. SHA-1 certificates are no longer accepted by default starting in PHP 7.2. This break is intentional and is in line with the CA/B rules and major browser policies.+MD5 certificates won't be accepted any longer. SHA-1 certificates are no longer accepted by default starting in PHP 7.2. This break is intentional and is in line with the CA/B rules and major browser policies.
  
 ===== Proposed PHP Version(s) ===== ===== Proposed PHP Version(s) =====
Line 30: Line 30:
 ===== RFC Impact ===== ===== RFC Impact =====
  
-Browsers start on 2017-01-01 with no longer accepting SHA-1 certificates, tooImpact is expected to be rather low. People in need of SHA-1 certificates, e.g. for private CAs, can set the mentioned context option to ''80'' to get the previous behavior (except for MD5 not being accepted), but are strongly discouraged to do so. It is explicitly not possible to set this value lower than 80. There's no option to enable MD5.+Browsers started on 2017-01-01 with no longer accepting SHA-1 certificates. The impact is expected to be rather low. People in need of SHA-1 certificates, e.g. for private CAs, can set the mentioned context option to ''80'' to get the previous behavior (except for MD5 not being accepted), but are strongly discouraged to do so. It is explicitly not possible to set this value lower than 80. There's no option to enable MD5.
  
 ===== Future Scope ===== ===== Future Scope =====
rfc/distrust-sha1-certificates.1496055315.txt.gz · Last modified: 2017/09/22 13:28 (external edit)