On 2009-05-28 13:09 PDT, Frank Hecker wrote: > Nelson B Bolyard wrote: >> An SSL server that sends out a full chain with a SHA256 root could >> conceivably cause a problem for a remote SSL client that does not understand >> SHA256 signatures and that chooses to check the signature on the received >> root cert rather than, or in addition to, relying on its own local trusted >> copy of the root cert for that CA. However, with respect to usage of NSS >> for SSL/TLS, Mozilla software presently does not act as an SSL server, but >> only as an SSL client. > > Correct. However this could affect, e.g., NSS used in the context of > mod_nss and the Apache web server, would it not?
Yes. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
