crypto/x509: stop verifying SHA-1 signatures #41682
SHA-1 is weak: a SHA-1 collision was demonstrated and estimated to cost around $50k. https://shattered.io
Accepting SHA-1 signed certificates is a security issue, and lets attackers mount collision attacks if the CA is still signing SHA-1 certificates. crypto/x509 already rejects outright any MD5 signatures for the same reason.
Unfortunately, there are definitely a lot of SHA-1 certificates still in the wild, even if the browsers stopped accepting them and WebPKI banned them a long time ago. We should look at how they are handled by other implementations and decide if we need to provide a programmatic opt-in, or just the usual temporary GODEBUG opt-in.
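To gauge how many chains such a change would affect, certificate chains can be audited for weak signature hashes ahead of time. The following is an added example, not part of the original issue or of crypto/x509: `weakSignature`, `Finding`, `auditChain` and `sampleChain` are hypothetical names, and the sample certificates are constructed metadata with no real keys. It assumes the chain is ordered leaf first with a locally trusted root last.

```go
package main

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
)

// weakSignature reports whether alg depends on MD5 (already rejected by
// crypto/x509, per the issue) or SHA-1 (what the issue proposes to reject).
func weakSignature(alg x509.SignatureAlgorithm) bool {
	switch alg {
	case x509.MD5WithRSA, x509.SHA1WithRSA, x509.DSAWithSHA1, x509.ECDSAWithSHA1:
		return true
	}
	return false
}

// Finding identifies one certificate in a chain whose signature uses a weak hash.
type Finding struct {
	Index   int
	Subject string
	Alg     x509.SignatureAlgorithm
}

// auditChain expects a chain ordered leaf first. Assumption: in a chain of more
// than one certificate the last entry is a locally trusted root, whose own
// signature is not what establishes trust, so it is skipped.
func auditChain(chain []*x509.Certificate) []Finding {
	var findings []Finding
	for i, c := range chain {
		if len(chain) > 1 && i == len(chain)-1 {
			continue
		}
		if weakSignature(c.SignatureAlgorithm) {
			findings = append(findings, Finding{i, c.Subject.CommonName, c.SignatureAlgorithm})
		}
	}
	return findings
}

// sampleChain returns constructed certificates (metadata only, no real keys).
func sampleChain() []*x509.Certificate {
	return []*x509.Certificate{
		{Subject: pkix.Name{CommonName: "leaf.example"}, SignatureAlgorithm: x509.SHA256WithRSA},
		{Subject: pkix.Name{CommonName: "Constructed Intermediate CA"}, SignatureAlgorithm: x509.SHA1WithRSA},
		{Subject: pkix.Name{CommonName: "Constructed Root CA"}, SignatureAlgorithm: x509.SHA1WithRSA},
	}
}

func main() {
	for _, f := range auditChain(sampleChain()) {
		fmt.Printf("chain[%d] %q is signed with %v\n", f.Index, f.Subject, f.Alg)
	}
}
```

In practice the input would be parsed certificates, for example the `PeerCertificates` of a TLS connection state or the output of `x509.ParseCertificate`.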