SSL certificates with SHA-1 will be deprecated in 2017

The last days of SHA-1 SSL certificates are coming. Certificates of this type are based on a cryptographic hash calculated using the SHA-1 algorithm. Recent studies have shown that the SHA-1 algorithm is not as strong as previously thought. Although no one has yet created an SSL certificate using a SHA-1 collision, many experts consider the risk of this happening to be high. A more complex alternative to SHA-1, called SHA-256, has been around for a long time and is just as easy to use. There is no reason to continue using SHA-1 certificates; they can easily be replaced by a more secure solution.


As a result, the major browser makers have set deadlines after which their products will no longer trust SHA-1 certificates. This is welcome news for everyone who cares about security:

  • Chrome: at the end of January next year, with the release of version 56, Chrome will stop trusting SHA-1 SSL certificates and will display a warning.
  • Mozilla Firefox: with the release of version 51 in January, the browser will display an untrusted connection error if the site is still using SHA-1.
  • Apple Safari: we do not have exact dates for when Apple will officially cease to trust SHA-1 certificates. The latest macOS release notes call for abandoning SHA-1 as quickly as possible. The downloadable version of Sierra already no longer displays the green padlock that indicates the safety and reliability of the site.
  • Microsoft Internet Explorer and Edge: starting from February 14, websites that continue to use SHA-1 will get an unpleasant gift: the sites will not load at all, but the user will still be able to reach them by clicking through the warning.

It is worth noting that in most situations browsers will continue to support self-signed certificates and SHA-1 certificates that were installed by hand.

Websites that use SHA-1 have received plenty of warnings to move to a new algorithm; this includes the well-known Heartbleed vulnerability. Calls to stop issuing SHA-1 certificates were heard as early as 2005. In 2012, NIST updated its security guidance, considering the SHA-1 algorithm obsolete. In 2014, Google said that sites using SHA-1 SSL certificates after 2016 would be penalized in search results.

Now the threat has become quite high. Fortunately, many site owners have already taken measures. Mozilla noted that less than 1% of websites today use SHA-1 certificates, although other assessments say that SHA-1 certificates are installed on a third of all online sites.
