NIST recommends that SHA-1 should no longer be used for digital signatures. As of 2016-01-01, the CA/B Forum forbids issuing new SHA-1 certificates. The CA/B has advised CAs starting 2015-01-16 to issue no SHA-1 certificates with an expiration date greater than 2017-01-01, as browsers had already announced that they would deprecate and remove SHA-1. Starting with Java 9, Java will also no longer accept SHA-1 by default starting 2017-01-01.
I think PHP doesn't provide a mechanism for that yet, at least I couldn't find anything in the options. Therefore we probably have to capture the certificate and chain and check it ourselves. I'm looking forward to adding such a possibility to PHP 7.2 and defaulting to not accept SHA-1 there, too.
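One way to do the manual check the issue describes, using PHP's stream context options to capture the chain and `openssl_x509_parse` to read each signature algorithm. This is an added example, not code from the issue or the project; the function names `findSha1SignedCerts` and `connectRejectingSha1` are hypothetical, and skipping self-issued certificates is a policy assumption.

```php
<?php
declare(strict_types=1);

/**
 * Return descriptions of certificates in $chain (the "peer_certificate_chain"
 * context option) whose signature algorithm is SHA-1 based.
 * Assumption: self-issued certificates are skipped, since a trust anchor is
 * trusted by being in the store, not by its own signature.
 * Limitation: RSASSA-PSS carries its hash in parameters and is not inspected.
 */
function findSha1SignedCerts(array $chain): array
{
    $weak = [];
    foreach ($chain as $cert) {
        $info = openssl_x509_parse($cert);
        if ($info === false) {
            throw new RuntimeException('Unparseable certificate in chain');
        }
        if ($info['subject'] == $info['issuer']) {
            continue;
        }
        // Short names look like "RSA-SHA1", "ecdsa-with-SHA1", "RSA-SHA256".
        if (preg_match('/SHA1(?!\d)/i', $info['signatureTypeSN'])) {
            $weak[] = $info['name'] . ' (' . $info['signatureTypeSN'] . ')';
        }
    }
    return $weak;
}

/** Open a verified TLS stream, then refuse it if the sent chain uses SHA-1. */
function connectRejectingSha1(string $host, int $port = 443)
{
    $context = stream_context_create(['ssl' => [
        'verify_peer' => true,
        'verify_peer_name' => true,
        'capture_peer_cert_chain' => true,
    ]]);
    $socket = stream_socket_client("tls://$host:$port", $errno, $errstr, 10.0,
        STREAM_CLIENT_CONNECT, $context);
    if ($socket === false) {
        throw new RuntimeException("TLS connect failed: $errstr ($errno)");
    }
    $chain = stream_context_get_params($socket)['options']['ssl']['peer_certificate_chain'] ?? [];
    $weak = findSha1SignedCerts($chain);
    if ($chain === [] || $weak !== []) {
        fclose($socket);
        throw new RuntimeException('Chain rejected: ' . (implode('; ', $weak) ?: 'none captured'));
    }
    return $socket; // No application data has been sent before this point.
}
```

The captured chain is what the peer sent, not the path OpenSSL validated, so an unused extra SHA-1 certificate in the server's bundle is also rejected.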