https://bugzilla.suse.com/show_bug.cgi?id=1221531 https://bugzilla.suse.com/show_bug.cgi?id=1221531#c47 --- Comment #47 from Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> --- (In reply to Frank Krüger from comment #46)

(In reply to Pedro Monreal Gonzalez from comment #31)

...

The DEFAULT policy in crypto-policies does not allow SHA-1 signatures but the LEGACY one does allow it. Could somebody test if switching to LEGACY helps?:

...

sudo update-crypto-policies --set LEGACY

Note that, this command is shipped by the crypto-policies-scripts package.

If it help, I would force using the LEGACY policy only in mozilla-nss by default for now in crypto-policies and submit in a moment.

TIA

Since the crypto-policies support has been disabled in the nss packages for the time being, is there an SR already from your side? Thx.

Since crypto-policies support has been disabled in nss, there is no need to submit any changes in CP for now. We may have to allow SHA1 in the nss DEFAULT policy for some time if we want to enforce crypto-policies back for it. -- You are receiving this mail because: You are the assignee for the bug.