On Fri, 21 Aug 2015, Adam D. Barratt wrote: > On Sun, 2015-08-16 at 13:43 +0200, Stefan Fritsch wrote: > > Please review ssl-cert_1.0.32+deb7u1 for inclusion in oldstable. The > > main change is switching from sha1 to sha256 for new certificates > > because browsers start marking sha1 as insecure. > > I'm assuming that tools in wheezy either cope with SHA256 or have > corresponding bugs about fixing that.
Yes. The well-known crypto libs are fine. According to some web sites, only ancient stuff like openssl < 0.9.8o, windows XP, and java < 1.4.2 don't support sha256 in certs. [1] > #773815 should get a fixed version, rather than being tagged squeeze > +wheezy with version tracking that claims it affects unstable. done and uploaded [1] https://support.globalsign.com/customer/portal/articles/1499561-sha-256-compatibility
