Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

From the user POV, nothing is changed. The decision to deprecate SHA1 or not isn't specific to Keyless SSL (ie, Keyless SSL isn't a new product for the users)

From the bank's point of view, where we can say that Keyless SSL is a new product, only 2 cipher suites are allowed:

    ECDHE-ECDSA-AES256-GCM-SHA384
    ECDHE-RSA-AES256-GCM-SHA384
which, as you can see, don't include sha1.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: