Skip to content
GitLab
Closed
Issue created by Bruno Carlin@bruno.carlinOwner

Go 1.18 rejects certificates signed with SHA-1 by default

As noted in Go 1.18 release notes, support for x509 certificates signed with SHA-1 is disabled by default.

It is possible to temporarily revert back to the old behaviour by setting an environment variable, but it will not be possible with Go 1.19 (for evident security reasons).

In reaction, we must:

  1. Keep the support for SHA-1 signed certificates for compatibility reasons until go 1.19 is released
  2. Log a deprecation warning if a SHA-1 signed certificate is used and added
  3. Document the deprecation and the end of support for those certificates in a future release
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information