> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Zack Williams
> Sent: Thursday, 27 March, 2014 20:26
>
> On Thu, Mar 27, 2014 at 2:47 AM, Stefan H. Holek <ste...@epy.co.at> wrote:
> > No reason. Just for maximum compatibility. Every software can do SHA1. But
> > this comes up a lot and I might switch to sha256 the next time around.
>
> It appears that even what most "legacy" web browsers and servers
> support sha256, given these lists:
>
> http://www.tbs-certificates.co.uk/FAQ/en/476.html
> http://www.tbs-certificates.co.uk/FAQ/en/477.html
>
> Are there other lists of other products that are modern (or still in
> active use), but lack sha256 compatibility?

I'm in the process right now of updating Visibroker, a widely-used commercial product, to support certificates with SHA-256 signatures. (I don't believe that's proprietary information, and anyone with a copy of Visibroker can easily discover it by trying to use such a certificate.) My guess is it's not the only one.

That said, I think it makes sense to use SHA-256 in the tutorial. Anyone using it who runs into software that can't handle such certificates will get a useful bit of education in certificate signature algorithms.

--
Michael Wojcik
Technology Specialist, Micro Focus