From: Daniel Stenberg <daniel_at_haxx.se>
Date: Fri, 5 Sep 2014 08:02:16 +0200 (CEST)

Hey all,


Just for information to all: Mozilla has recently removed weak certs from the
CA certs bundle. Weak, in the meaning that they used 1024 bit RSA.


If you download the latest cacert bundle from the curl site
(http://curl.haxx.se/docs/caextract.html) right now, you'll see that
s3.amazonaws.com sites no longer gets verified fine. I guess that it goes for
a few other sites too.


References:


Blogged by Kai Engert here:
https://kuix.de/blog/index.php?entry...A-certificates

The removed certs are somewhat detailed in the recent NSS release notes:

https://developer.mozilla.org/en-US/..._release_notes
https://developer.mozilla.org/en-US/..._release_notes


Finally: while I am employed by Mozilla I am not at all involed in the CA cert work.

--
/ daniel.haxx.se


Received on 2014-09-05