(In reply to Pedro Monreal Gonzalez from comment #31) > The DEFAULT policy in crypto-policies does not allow SHA-1 signatures but > the LEGACY one does allow it. Could somebody test if switching to LEGACY > helps?: > > > sudo update-crypto-policies --set LEGACY > > Note that, this command is shipped by the crypto-policies-scripts package. > > If it help, I would force using the LEGACY policy only in mozilla-nss by > default for now in crypto-policies and submit in a moment. > > TIA Since the crypto-policies support has been disabled in the nss packages for the time being, is there an SR already from your side? Thx.