[OSM-dev] Migrating from SHA-1 to SHA-2 (HTTPS on OSM)
Tom Hughes
tom at compton.nu
Fri Nov 7 20:28:09 UTC 2014
On 07/11/14 20:06, Antje wrote:
> Today I received an email from NameCheap that told me about the retirement of SHA-1 for HTTPS certificates and I realised that OpenStreetMap has HTTPS support. According to https://shaaaaaaaaaaaaa.com/check/openstreetmap.org (a website that lets you check if a website is using SHA-1 or SHA-2), OpenStreetMap is apparently using SHA-1.
>
> The email says that Google will begin to sunset SHA-1 this month (even though we have doubts about their maps, the SHA-1 news is still important). (source: Qualys Lab at https://community.qualys.com/blogs/securitylabs/2014/09/09/sha1-deprecation-what-you-need-to-know). Can OpenStreetMap please update their HTTPS Certificate to use SHA-2 instead of SHA-1?
We are well aware of this issue - there is still some months before
browsers start dropping SHA-1 support and the certificate will be
reissued before that happens.
Based on our expiry date CHrome 41 is the first version that will start
to penalise SHA-1 and that's not due until Q1 next year.
Tom
--
Tom Hughes (tom at compton.nu)
http://compton.nu/
More information about the dev
mailing list