Microsoft Has Finally Done Something About SHA-1 Encryption

May 13, 2017 | Uncategorized | 0 comments

Microsoft no longer supports websites which use a SHA-1-signed HTTPS certificate. Chrome had already tackled this problems back in January, followed by Firefox in February.

Microsoft Cracked SHA-1

This  policy will affect websites whcih haven’t moved to SHA-2 signed certificates yet. Apple withdrew support for SHA-1 in March with macOS Sierra 10.12.4 and iOS 10.3. Browser developers and certificate authorities have been growing weary of SHA-1 since the past few years. As soon asupdates are installed, Microsoft’s browsers will not load websites with SHA-1 signed certificates. It will show an error warning which will inform you about the security issue with the websiste you are visiting. Microsoft’s bigger plan to drop SHA-1 certificates will apply to self-signed SSL/TLS certificates which are used in the enterprise.

The current policy “will only impact SHA-1 certificates that chain to a root in the Microsoft Trusted Root Program where the end-entity certificate or the issuing intermediate uses SHA-1”.

Microsoft has said that self-signed SHA-1 TSL certificates will not be affected, but it has asked all customers to migrate to SHA-2 based certificates as soon as possible. The Windows 10 Creators Update will also automatically block SHA-1 in the browser. Microsoft pinned these updates in a blogpost in April. It gave admins instructions to immediately block SHA-1.

Also Read: Rivaling Chromebook: Microsoft’s Surface Laptop

It is interesting to note that SHA-1 is a secure hash algorithm which is widely used in many encryption and security protocols, including TLS and SSL, PGP, SSH, S / MIME, and IPsec. In 2014, 9 percent of the sites used SHA-1 encryption, but when GoogleChrome / Firefox announced that they are blocking SHA-1, Microsoft followed suit.

let’s get connected

Have a Question?

If you have any questions or need to discuss about your project
Feel free to reach out to our friendly team.