Browser vendors will get rid of SSL certificates that use SHA-1 to generate
the hash that is then signed by the CA. For example, Google Chrome will start
to show an "insecure" sign for certificates that are valid after 1.1.2016 and
will generate a warning page for certificates that are valid after 1.1.2017 [1],
[2],[4]. Microsoft will block certificates with SHA-1 after 1.1.2017 [3].
This patch:
1) Add a new configuration option to select the signing hash for
generated certificates: sslproxy_cert_sign_hash.
2) If sslproxy_cert_sign_hash is not set, then use the sha256 hash.