{"id":177,"date":"2014-11-06T05:46:51","date_gmt":"2014-11-06T13:46:51","guid":{"rendered":"https:\/\/www.ssls.com\/blog\/?p=177"},"modified":"2023-09-27T15:18:25","modified_gmt":"2023-09-27T22:18:25","slug":"sunsetting-sha-1-moving-sha-2","status":"publish","type":"post","link":"https:\/\/www.ssls.com\/blog\/sunsetting-sha-1-moving-sha-2\/","title":{"rendered":"Sunsetting SHA-1 and Moving to SHA-2"},"content":{"rendered":"
One of the most important parts of SSL certificates\u2019 security is the signature algorithm. The SHA-1 cryptographic algorithm, created nearly 20 years ago, is one of the most commonly used hash function for websites that are protected with SSL.<\/pre>\n
SHA-1 is getting weaker every day and is frequently exposed to collision attacks in which hackers may obtain fraudulent certificates. However, SHA-1 is still widely used for many websites that are protected<\/a> with SSL.<\/p>\n
<\/p>\n
Google and Microsoft encourage Certification Authorities and website administrators to upgrade their SSL certificates<\/a> to use signature algorithms with hash functions that are stronger than 160-bit SHA-1 \u2013 such as SHA-2, which can produce up to 512-bit hash value and is supported almost everywhere.<\/p>\n
According to a recent Google announcement<\/a>, beginning November, users who visit websites that use SHA-1-based SSLs expiring any time in 2017 in updated Chrome 40 will see a warning that Google has recently announced that they\u2019re sunsetting SHA-1. Initially, the warnings will be limited to a \u201cSecure<\/a>, but minor errors\u201d icon, in the form of a lock with a yellow triangle. In later Chrome versions, this will become a red crossed-out lock.<\/p>\n
According to web browser statistics<\/a> collected from W3Schools’ log-files, Google Chrome is the most-used web browser. In September 2014, Google Chrome usage was at 60%, Mozilla Firefox 24%, and\u00a0Microsoft Internet Explorer 10%.\"chart_05\"<\/a>Here is a matrix<\/a> showing important dates of changes in Chrome.\"chrome-versions-dates\"<\/p>\n

\nMozilla\u2019s CA Certificate Maintenance Policy<\/a> also agrees that SHA-1 certificates should not be issued after January 1, 2016 or trusted after January 1, 2017.<\/p>\n
What You Should Do:<\/h2>\n