{"id":3259,"date":"2016-12-05T16:46:41","date_gmt":"2016-12-05T21:46:41","guid":{"rendered":"https:\/\/www.thesslstore.com\/blog\/?p=3259"},"modified":"2017-06-01T18:56:17","modified_gmt":"2017-06-01T22:56:17","slug":"final-countdown-end-sha-1","status":"publish","type":"post","link":"https:\/\/www.thesslstore.com\/blog\/final-countdown-end-sha-1\/","title":{"rendered":"The Final Countdown To The End of SHA-1"},"content":{"rendered":"

Starting 2017, SHA-1 Warnings Will Get Ugly<\/span><\/h2>\n

We have written about SHA-1 a lot, but it can\u2019t hurt to have one more reminder. We are only a few months away from 2017, and when we do enter January it will be the end of SHA-1. Seriously. Very very dead.<\/span><\/p>\n

If you do not know about SHA-1, here is a one paragraph summary: To prove authenticity of SSL certificates, computers check the certificate\u2019s signature. This signature is created with a cryptographic algorithm. For years, SHA-1 was the most widely used algorithm but it is now insecure and has been forbidden in all new certificates since the beginning of this year. Instead, you should be using SHA-2, the new industry standard. \u00a0Now you are caught up!<\/span><\/p>\n

Currently, SHA-1 certificates are treated with safety gloves. Browsers usually take away the coveted padlock icon or display a subtle warning.<\/span><\/p>\n

But In 2017, the gloves come off. All the major browsers – Chrome, Firefox, Internet Explorer 11, and Edge – will <\/span>fully block <\/b>SHA-1 certificates.<\/span><\/p>\n

Chrome and Firefox will be the first to flip the switch. When <\/span>Chrome 56 releases<\/span><\/a>, which should be near the end of January, a full-page warning will be displayed for all SHA-1 certificates. Firefox 51, <\/span>due out around the same time<\/span><\/a>, will also show a similar warning.<\/span><\/p>\n

\"end<\/p>\n

Microsoft\u2019s browsers, Edge and Internet Explorer 11, will join in shortly after. Starting February 14th, 2017, their browsers \u201c<\/span>will prevent sites [using] a SHA-1 certificate from loading<\/span><\/a>,\u201d and present an invalid certificate error. <\/span><\/p>\n

SSL Labs<\/span><\/a>, one of the most popular (and free) tools for testing your website\u2019s SSL configuration, will also be <\/span>giving poor grades to SHA-1 certificates<\/span><\/a> in 2017.<\/span><\/p>\n

The errors in all these browsers will be overridable, but with warnings this severe you should expect the vast majority of users to leave your site. And eventually browsers will remove any bypassing altogether.<\/span><\/p>\n

These behaviors will not apply (or be configurable) for locally imported\/manually-installed roots. So, those of you still using SHA-1 with local trust you will have the ability to turn these off.<\/span><\/p>\n

If you are still using SHA-1 you have very little time to get upgraded to a SHA-2 certificate. Remember, it is no longer possible to get publicly-trusted SSL certificates that use SHA-1. Even if you have an existing SHA-1 cert valid in 2017, browsers will still apply this treatment.<\/span><\/p>\n

If you have any questions about SHA-1\/SHA-2, or are still using SHA-1, please get in touch or leave a comment. We are here to help.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

Starting 2017, SHA-1 Warnings Will Get Ugly We have written about SHA-1 a lot, but it can\u2019t hurt to have one more reminder. We are only a few months away…<\/p>\n","protected":false},"author":2,"featured_media":3261,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":0,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[17],"tags":[132,151,280,253,156,279],"class_list":["post-3259","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-industry-lowdown","tag-chrome","tag-firefox","tag-internet-explorer","tag-microsoft","tag-sha-1","tag-web-browsers","post-with-tags"],"views":12492,"jetpack_featured_media_url":"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2016\/12\/iStock-533354624.jpg","_links":{"self":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/3259","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/comments?post=3259"}],"version-history":[{"count":0,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/3259\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media\/3261"}],"wp:attachment":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media?parent=3259"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/categories?post=3259"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/tags?post=3259"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}