Sec Bug #69888 Wildcard SSL certificate uses deprecated SHA-1 algorithm
Submitted: 2015-06-20 07:01 UTC Modified: 2015-09-28 19:49 UTC
Avg. Score:3.7 ± 1.9
Reproduced:3 of 3 (100.0%)
Same Version:1 (33.3%)
Same OS:1 (33.3%)
From: krinklemail at gmail dot com Assigned:
Status: Open Package: Website problem
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None


 [2015-06-20 07:01 UTC] krinklemail at gmail dot com
Starting in 2014, Chrome is sunsetting tolerance of SSL certificates signed using deprecated signature algorithms based on SHA-1.

As of Chrome 42 stable, it actively displays a "grey padlock with orange warning symbol" icon instead of the trusted green lock.

In the future (2016/2017), the red splash page for invalid certificates will be used – which will stop most users from accessing the site.

Clicking on the icon shows:
> This site uses a weak security configuration (SHA-1 signatures), so your connection may not be private.
> [..]
> The certificate chain for this website contains at least one certificate that was signed using a deprecated signature algorithm based on SHA-1.


 [2015-10-05 21:15 UTC] royanee at gmail dot com
Not only that, the TLS settings could use a few updates:

 * No support for TLS 1.2, which is the only secure protocol version.
 * This server supports weak Diffie-Hellman (DH) key exchange parameters.
 * Certificate uses a weak signature. When renewing, ensure you upgrade to SHA2.
 * The server supports only older protocols, but not the current best TLS 1.2.
 * This server accepts the RC4 cipher, which is weak.
 * The server does not support Forward Secrecy with the reference browsers.
Last updated: Thu Feb 27 06:01:26 2020 UTC