In regards to SHA1, its use in SSL/TLS certificates is what is being depreciated. The other uses of SHA1 (e.g. in eapd or osso-backup) aren't an issue (they are either not using SHA1 in a way that is a security risk or are only using it in code to support old protocols and stuff and if you use newer more secure protocols its not an issue)

In terms of browser stuff we need to:
1.Ensure that the root certificates in https://github.com/community-ssu/maemo-security-certman are up-to-date
2.Bring in a newer OpenSSL version that supports all the latest features and crypto (making sure to deal with any maemo-specific patches)
3.Bring in a newer NSS version that supports all the latest features and crypto (making sure to deal with any maemo-specific patches)
4.Update microb-engine to use the new NSS and to use the right security settings and other things
5.Update QT to use the new OpenSSL and to use the right security settings and other things
6.Update libcurl to use the new OpenSSL and to use the right security settings and other things (if its possible to bring in a newer upstream curl and remain ABI compatible, lets do that)
and 7.If there are any APIs in libcurl that relate to using the right security settings and things, figure out who is using them and fix things somehow so the right security settings are being picked.