8

That moment when something works in Internet Explorer/Microsoft Edge but doesn't work in Chrome or Firefox...

On the left is Chrome, on the right is Internet Explorer.

Comments
  • 0
    And there's the answer as to why:

    https://bugs.chromium.org/p/...
  • 3
    Isn't this because SHA1 is seen as unsafe, and no one should use it anymore?
    (Which is why IE uses it)
  • 1
    @Stocken I was using SHA-512, which was removed from Chrome due to the curve not matching the hash and the upcoming TLS v1.3 specification disallowing mismatching curve/hash. This means SHA-512 can't be used (P-521). SHA-256 and SHA-384 can be used with P-256 and P-384. SHA1 was removed because it is deprecated and outright bad and insecure.
  • 0
    @jespersh I was using a client certificate with a 384 bit elliptic curve for authentication and SHA-512 as signature hash algorithm. When connecting to my server, the connection was reset by Chrome without any information as to why. When digging into it with Wireshark, I can see that Chrome doesn't advertise support for SHA-512 with ECDSA. Internet Explorer does on the other hand. Explanation on why Chrome doesn't support it can be found in my comment above.
  • 0
    @Stocken why should sha1 be seen as unsafe? Yes it's been broken by Google. They also spent an unreasonable amount of time and money, and under extremely strict circumstances. While we should all prefer sha2 or even better sha3, sha1 is by no means "unsafe" at this point in time.
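Added example, not part of the original post or its comments: a Python version of the check the commenters describe doing in Wireshark, parsing the body of a TLS `signature_algorithms` extension and reporting whether a given scheme is advertised. The two extension bodies are constructed sample data, not captures from any browser, and the function names are hypothetical.

```python
import struct

# SignatureScheme code points (RFC 8446, section 4.2.3), subset. In TLS 1.2 the
# two bytes read as (hash, signature): 0x0603 is SHA-512 + ECDSA on any curve.
# TLS 1.3 binds each ECDSA code point to one curve (0x0603 is P-521 only).
SCHEMES = {
    0x0201: "rsa_pkcs1_sha1",
    0x0203: "ecdsa_sha1",
    0x0401: "rsa_pkcs1_sha256",
    0x0403: "ecdsa_secp256r1_sha256",
    0x0501: "rsa_pkcs1_sha384",
    0x0503: "ecdsa_secp384r1_sha384",
    0x0601: "rsa_pkcs1_sha512",
    0x0603: "ecdsa_secp521r1_sha512",
    0x0804: "rsa_pss_rsae_sha256",
    0x0805: "rsa_pss_rsae_sha384",
    0x0806: "rsa_pss_rsae_sha512",
}

# Constructed sample extension bodies: 2-byte list length, then 2-byte code points.
WITHOUT_ECDSA_SHA512 = bytes.fromhex("000c 0403 0503 0804 0805 0401 0501")
WITH_ECDSA_SHA512 = bytes.fromhex("0010 0403 0503 0603 0804 0805 0806 0401 0601")

def parse_signature_algorithms(ext_body):
    """Return the advertised code points from a signature_algorithms body."""
    if len(ext_body) < 2:
        raise ValueError("truncated extension")
    (list_len,) = struct.unpack_from("!H", ext_body, 0)
    if list_len == 0 or list_len % 2 or list_len != len(ext_body) - 2:
        raise ValueError("list length does not match extension body")
    return [code for (code,) in struct.iter_unpack("!H", ext_body[2:])]

def describe(ext_body):
    """Map each advertised code point to its RFC 8446 name."""
    return [SCHEMES.get(c, f"unknown(0x{c:04x})") for c in parse_signature_algorithms(ext_body)]

def offers(ext_body, scheme_name):
    """True if the peer advertises the named scheme."""
    return any(SCHEMES.get(c) == scheme_name for c in parse_signature_algorithms(ext_body))

if __name__ == "__main__":
    for label, body in (("sample A", WITHOUT_ECDSA_SHA512), ("sample B", WITH_ECDSA_SHA512)):
        print(label, offers(body, "ecdsa_secp521r1_sha512"), describe(body))
```
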