Chrome and Firefox phase out support for SHA-1

SHA-1 Certification Deprecates in 2017

Designed to improve online security, SHA-1 certificates are part of the encryption which should ensure that HTTPS sites are genuinely what they claim to be. However, with the constant advance of hacking tools, the certification has become increasingly breakable - and therefore insecure.

Essentially, the encryption that SHA-1 certificates use can potentially be broken if a sufficiently large amount of computational time and power is spent on a collision attack, rendering sites potentially insecure. There have been no real-world issues relating to this - the certification is being deprecated to prevent any from occurring in the future.

As such, both Chrome and Firefox will deprecate the certification in January 2017, with Microsoft Edge and Internet Explorer following suit in February. Essentially, this means that if you use any of those browsers to visit a site signed with an SHA-1 signature, you’ll be blocked from viewing the page with a warning about the certification.

For most people, this won’t result in any major changes - most sites have already changed, or will be changing, their signatures to a more secure certification, so you shouldn’t see many issues when browsing.

For Exa Customers:

We provide many of our customers with Stormshield firewalls, which intercept all traffic for a number of security options and features. The Stormshield firmware, however, currently uses SHA-1 certification, and needs to be updated before January begins. We’re currently emailing our customers in batches, giving you all the information you need to know about the firmware update and when we’re implementing it for you.