Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Stocken4296yIsn't this because SHA1 is seen as unsafe, and noone should use it anymore?
(Which is why IE uses it) -
@Stocken I was using SHA-512, which was removed from Chrome due to the curve not matching the hash and the upcoming TLS v1.3 specification disallowing mismatching curve/hash. This means SHA-512 can't be used (P-521). SHA-256 and SHA-384 can be used with P-256 and P-384. SHA1 was removed because it is deprecated and outright bad and unsecure.
-
@jespersh I was using a client certificate with a 384 bit elliptic curve for authentication and SHA-512 as signature hash algorithm. When connecting to my server, the connection was reset by Chrome without any information as to why. When digging into it with Wireshark, I can see that Chrome doesn't advertise support for SHA-512 with ECDSA. Internet Explorer does on the other hand. Explaination on why Chrome doesn't support it can be found in my comment above.
-
@Stocken why should sha1 be seen as unsafe? Yes it's been broken by Google. They also spent an unreasonably amount of time, money and under extremely strict circumstances. While we should all prefer sha2 or even better sha3, sha1 is by no means "unsafe" at this point in time.
Related Rants
That moment when something works in Internet Explorer/Microsoft Edge but doesn't work in Chrome or Firefox...
On the left is Chrome, on the right is Internet Explorer.
rant
certificates
iexplorer
chrome