by byuu 3515 days ago
You kind of have to support SHA-1 still. Even with the browsers moving to deprecate it, many of the root certificates valid for another 10-20 years are still using it. (Since the root certs ship with the browser, the security risk is lessened.)

If this is to be a general library that validates the entire certificate chain, then you'll need SHA-1.

Now if the library tries to advertise SHA-1 in ServerHello by default, then that is indeed unfortunate.