Microsoft will refuse to support digital certificates based on SHA-1
Microsoft will refuse to support digital certificates that use the SHA-1 hashing algorithm in the middle of next year (June 2016). The period of support for this hashing algorithm was cut by half a year, since it was originally planned to support it until 2017. Such a solution is related to the discovered SHA-1 flaws, which allow to perform a collision and make it possible to forge a digital signature. After this date, almost all digital certificates that use SHA-1 to generate hash cannot be validated by Windows and its components.
A similar solution was recently announced in the Mozilla Foundation, the Mozilla Firefox web browser will no longer support digital certificates based on SHA-1 from July 2016. The same goes for Google Chrome.
After this date, MS Edge and IE web browsers will no longer recognize web sites signed with SHA-1 certificates as safe, and Windows will no longer trust digital signatures of files for which SHA-1 certificates were used. At the same time, we are talking only about those certificates that have been generated by CA since January 1, 2016, since from this date CA is prohibited from issuing certificates with this hashing algorithm ( CAs must move all certs to SHA-2 after 1 / 1/2016 ) After January 1, 2017, Windows and its components will no longer recognize all SHA-1 certificates, regardless of their signature timestamp.
')
A similar behavior will be observed in the Mozilla Firefox web browser, which will mark from July 1, 2016 as untrusted, those connections that used the SHA-1 certificate issued after January 1, 2016. After January 1, 2017, untrusted will be all https connections are marked with SHA-1.
The Google Chrome web browser will refuse to recognize trusted connections with SHA-1 certificates starting January 1, 2017.
A similar solution was recently announced in the Mozilla Foundation, the Mozilla Firefox web browser will no longer support digital certificates based on SHA-1 from July 2016. The same goes for Google Chrome.
After this date, MS Edge and IE web browsers will no longer recognize web sites signed with SHA-1 certificates as safe, and Windows will no longer trust digital signatures of files for which SHA-1 certificates were used. At the same time, we are talking only about those certificates that have been generated by CA since January 1, 2016, since from this date CA is prohibited from issuing certificates with this hashing algorithm ( CAs must move all certs to SHA-2 after 1 / 1/2016 ) After January 1, 2017, Windows and its components will no longer recognize all SHA-1 certificates, regardless of their signature timestamp.
')
A similar behavior will be observed in the Mozilla Firefox web browser, which will mark from July 1, 2016 as untrusted, those connections that used the SHA-1 certificate issued after January 1, 2016. After January 1, 2017, untrusted will be all https connections are marked with SHA-1.
The Google Chrome web browser will refuse to recognize trusted connections with SHA-1 certificates starting January 1, 2017.
Source: https://habr.com/ru/post/270175/
All Articles