On Thu, Mar 10, 2011 at 01:07, Petr Pisar <ppisar@xxxxxxxxxx> wrote:
> On 2011-03-10, Stephen Smoogen <smooge@xxxxxxxxx> wrote:
>>
>> We have already updated fedorahosted.org and will now be updating the
>> cert for the main site: fedoraproject.org.
>>
>> The old certificate came from Equifax, was a 1024 bit key and had the
>> fingerprint:
> [...]
>> The new certificate is issued by GeoTrust, Inc and is a 4096 bit key
>> with the fingerprint:
>>
> Key length is not everything. Didn't you forget to upgrade the hash
> algorithm? Sticking with SHA-1, which has been abandoned by ETSI and other
> authorities, does not look very safe.

From my research, using SHA-2 in TLS requires the user and server to
both be able to talk TLS-1.2. From what I found at Wikipedia
(http://en.wikipedia.org/wiki/Transport_Layer_Security), Firefox does
not support 1.2 (only Opera and IE8 do).

> -- Petr
>
> --
> devel mailing list
> devel@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/devel
>

--
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren