I’ve noticed since joining OGS that Chrome doesn’t like OGS’s security certificates… does anyone know if this is an issue?
“This site uses a weak security configuration (SHA-1 signatures), so your connection may not be private.”
Mine is a okay, it has a lock and everything.
Hmm okay. It seems to be fine on safari, maybe an issue with my Chrome then.
Google Chrome has started marking SHA-1 as insecure, because it is theoretically breakable by a nation state adversary. Unless you are using your OGS account as a front for espionage, SHA-1 is plenty strong. It would be better if OGS used SHA-256 cough cough, but it isn’t a serious concern.
2 Likes
Odd. I see the OGS certificate as SHA 256. The RSA is only 2048 bit though. It’ll be great to see 521 bit ECC sometime.
The CA is sha-1 our cert and the intermediate CA are sha-256.