AnsweredAssumed Answered

Is it insecure if extra SHA1 certificates are sent?

Question asked by hellotls on Nov 22, 2014
Latest reply on Nov 24, 2014 by Ivan Ristić

If a complete certificate chain can be built with SHA256 certificates only, but extra SHA1 intermediate certificates are still sent by the server, is it insecure? Currently SSL Labs warns if this happens, such as Qualys SSL Labs - Projects / SSL Server Test / microsoft.com. But I don't know if Chrome will warn about that.

Outcomes