Valentine’s Day 2017 will be the end of the line for SHA-1 certificates as the main browser vendors (Google, Mozilla & Microsoft) have announced they will be killing off the weak hash, 12 years after its flaws were first highlighted.
The SHA-1 algorithm is no longer secure. Google has already announced that Chrome will block SHA-1 SSL/TLS certificates from version 56, which is due to be released at the end of January 2017.
Microsoft and Mozilla have now announced they too will be ending support for SHA-1 HTTPS certificates – Mozilla from build 51 of Firefox (January 2017) and Microsoft Edge / Internet Explorer 11 from February 14th 2017. On all fronts, D-Day is finally arriving for SHA-1.
Since 2005, the SHA-1 hash algorithm has been seriously flawed, and getting weaker as computing power has grown. This weakness in SHA-1 certificates allows attackers to spoof content, execute web attacks, or perform man-in-the-middle attacks when users browse the web.
With the release of the D-Day browser builds, users will receive a warning when visiting websites which still use SHA-1 certificates, advising them not to enter (or only proceed at their own risk).
Can your organisation risk this happening on essential sites and services? Get a free SSL scan to see if your website or services are at risk – just fill in the form.
Google announced earlier this month how their three stage webpage security rating system will look (see right).
Do you want to prevent your website from featuring this red ‘not secure’ warning? Using Cloud SSL you can view all your certificates, renew or activate all within one portal.
Arrange your free trial now by simply filling in the form on this page.