Fair enough, I see it was running a SHA1 at least as recently as 2016-12-04T09:21:16+00:00
21 December 2016 at 21:59
The Version2 link to the policy PDF is valid SHA256 encrypted. So some confusion as to the statement made below. Could it not be possible that the writer is behind a proxy server that is performing some sort of SSL teardown? I could not replicate the issue. I wouldn't run a domain wildcard on 5 different external-facing systems though.
20 December 2016 at 21:27
MJK SEC