The National Institute of Standards and Technology (NIST) adviced to change to SHA-2 for issuing digital certificates. The SHA-family is developed by the NIST and is used by Certificate Authorities (CA's) for signing certificates. SHA-2 succeeds SHA-1 and doesn't have the weaknesses that SHA-1 does.
Applications, like browsers, will show errors for SHA-1 certificates. What kind of warning is shown, depends on the browser.
- Since 2016 Microsoft stopped supporting SHA-1 Code Signing Certificates in Internet Explorer. In 2017 Microsoft will stop supporting SHA-1 SSL certificates. Windows 7 and higher, will show a warning for Code signing SHA-1 signatures without a timestamp, issued before 2016. Code signing SHA-1 signatures with a timestamp will be trusted until the 14th of January 2020.
- Google Chrome will show a warning for SHA-1 certificates that will expire after the 1st of January in 2017.
- Mozilla will show warnings in Firefox for SHA-1 certificates that will expire after 2016.
The CA's will not issue SHA-1 certificates anymore.
All certificates from all brands will be issued with SHA-2, the following applies:
- It is possible to reissue your SHA-1 certificate in a SHA-2 certificate for free.
- The former certificate will not be revoked, after the reissue.
If you're not sure which algorithm is used, you can check your certificate with the SSLCheck. The algorithm is shown in the field 'signature'. You can also check your algorithm in your control panel, under the column 'Hash'.
Note: All this is about end- and intermediate certificates, SHA-1 signed root certificates will remain valid and will still be used. For root certificates, the identity is more important than the signature of the hash.
Most clients and servers support SHA-2, exceptions are outdated operating systems like Windows XP versions without Service Pack 3. For the installation, new SHA-2 root certificates are available.
The following clients and servers and mobile devices will support SHA-2:
- Mac OS X 10.5+
- Microsoft Windows XP SP3
- Vista, 7 en 8 .NET Framework 1.1+
- Internet Explorer 7+
- Apple Safari 5+
- Mozilla Firefox 1.5+
- Opera 9.0+
- Konqueror 3.5.6+
- Mozilla based browsers 3.8+
- OpenSSL 0.9.8+
- Java 1.4.2+ based products
- Google Chrome 26+
- Adobe Acrobat/Reader 7+
- Apache server
- Mac OS X Server 10.5+
- Microsoft Windows Server 2003 SP2+ (after installing KB 938397 and KB 968730)
- Microsoft Windows Server 2008+
- Microsoft Exchange 2010 SP3 and up
- Microsoft Lync 2010
- 2013 Oracle WebLogic 10.3.1+
- iPhone OS 3.0+
- Blackberry 5.0+
- Windows Phone 7+
- Android 2.3+
The following versions can sign with SHA-2, outdated versions mostly can validate SHA-2 signed e-mails:
- Mozilla Thunderbird 38 and higher;
- Microsoft Outlook 2007 on Windows Vista and higher;
- IBM Notes version 9 and higher.
A solid hashfunction will provide a strong resistance towards clashes, which means that the chance of matching input values must be small. In the previous years, vulnerabilities were found in SHA-1, which made the algorithm more sensitive towards clashes. This means the chance for matching input values in an attack is higher.
For certificates hashing is being used to guarantee the message is authentic and will remain authentic. Cracking the SHA-1 algorithm would mean that the content of a signed message or certificate can be changed, without noticing it, because the hash of the message or certificate remains the same. In SHA-2, the substitue of SHA-1, no vulnerabilities have been found.