1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Outdated payment terminals exempted by Mozilla from SHA-1 certificate ban

Discussion in 'Network World' started by RSS, Feb 25, 2016.

  1. RSS

    RSS New Member Member

    Less than two months after a ban came into effect for new SSL/TLS certificates signed with the weak SHA-1 hashing algorithm, exemptions are already starting to take shape.

    Mozilla announced Wednesday that it will allow Symantec, which runs one of the world's largest certificate authorities, to issue nine new such certificates to a customer in order to accommodate over 10,000 payment terminals that haven't been upgraded in time.

    According to a discussion on the Mozilla security policy mailing list, Worldpay, a large payment processor, failed to migrate some of its SSL/TLS servers to SHA-2 certificates. As a result of an oversight, the company also didn't obtain new SHA-1 certificates for those servers before Dec. 31, 2015, when it was still allowed to do so.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page