<html><head></head><body><div>Hello,</div><div><br></div><div>The bug does not explain why. I would understand to completely deny SHA1 (I.e. Unconditionally), but allowing it seems strange, especially without a justification.<br><br><div class="acompli_signature">Gruss<br>Bernd<br>-- <br><a dir="ltr" href="http://bernd.eckenfels.net" x-apple-data-detectors="true" x-apple-data-detectors-type="link" x-apple-data-detectors-result="0">http://bernd.eckenfels.net</a></div><br></div><br><br><br>
<div class="gmail_quote">On Mon, Feb 13, 2017 at 10:57 PM +0100, "Anthony Scarpino" <span dir="ltr"><<a href="mailto:anthony.scarpino@oracle.com" target="_blank">anthony.scarpino@oracle.com</a>></span> wrote:<br>
<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">




<div dir="3D"ltr"">
<pre>Hi,

I need a quick review on a simple certpath config change.

http://cr.openjdk.java.net/~ascarpino/8174849/webrev/

thanks

Tony
</pre>
</div>

</blockquote>
</div>
</body></html>