Industry News

Google follows Microsoft, Firefox in blocking SHA-1 certificates

Google has announced it will not treat SHA-1 certificates anymore starting in early 2016 in a plan to completely stop supporting them over the next year.

In line with Microsoft and Firefox, Google’s Chrome version 48 will start displaying a certificate error when encountering websites with leaf certificates signed with SHA-1 issued after January 1 2016 or chains to a public Certificate Authority (CA).

“Starting January 1, 2017 at the latest, Chrome will completely stop supporting SHA-1 certificates,” reads the Google blog post. “At this point, sites that have a SHA-1-based signature as part of the certificate chain (not including the self-signature on the root certificate) will trigger a fatal network error. This includes certificate chains that end in a local trust anchor as well as those that end at a public CA.”

Although around 98 percent of certificates issued worldwide are SHA-1 signed, the SHA1 Deprecation Policy warns against SHA-1 collusion attacks that could lead to man-in-the-middle attacks. Microsoft, Google, and Firefox have announced that they will gradually begin warning users and blocking websites that use SHA-1 signed certificates from 2016.

“For security and interoperability in the face of upcoming browser changes, site operators should ensure that their servers use SHA-2 certificates, support non-RC4 cipher suites, and follow TLS best practices,” according to the same blog post.” In particular, we recommend that most sites support TLS 1.2 and prioritize the ECDHE_RSA_WITH_AES_128_GCM cipher suite.”

Everyone currently relying on SHA-1 is strongly encouraged to make the transition to SHA-2 in 2016 and replace all their deprecated SHA-1 certificates, or their services will be affected.

About the author

Liviu ARSENE

Liviu Arsene is the proud owner of the secret to the fountain of never-ending energy. That's what's been helping him work his everything off as a passionate tech news editor for the past couple of years. He is the youngest and most restless member of the Bitdefender writer team and he covers mobile malware and security topics with fervor and a twist. His passions revolve around gadgets and technology, and he's always ready to write about what's hot and trendy out there in geek universe.

Add Comment

Click here to post a comment