On Sat, Oct 10, 2015 at 08:59:08PM +0000, Viktor Dukhovni wrote:

> I don't want to see clients or servers hanging up just because a
> peer presents a SHA-1 chain that would have been simply ignored
> had it been SHA2-256 instead.

In particular pull request 287 breaks opportunistic TLS and *must* not be adopted as-is. It needs to allow SHA-1 chains to be sent when that's all that's available.

The onus to not trust such chains is on the peer. Some peers may continue with the handshake despite the untrusted chain. They may, for example, have pinned the leaf certificate and not give a hoot about any of the signatures.

-- 
Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls