End of SHA1
I’m still coming across people who look after website certificates and corporate PKI security who are still in the dark about the retirement of SHA1. SHA1 is a very popular hashing function that has been used for many years; however, like everything on the Internet, weaknesses have been identified and exploited, and the time has come for SHA1 to be retired. In fact, it was 10 years ago that the integrity of SHA1 was first put into question: Bruce Schneier wrote a good article about this back in 2005, called Cryptanalysis of SHA-1.
Back in November 2013, Microsoft announced that it would not accept any new SHA1 certificates after 2016 and has updated its policies to take this into account; you can find more about this here: http://blogs.technet.com/b/pki/archive/2013/11/12/sha1-deprecation-policy.aspx.
What may be more important, and more worrying, is that shortly after this announcement Google came forward and said it would start penalising sites that use SHA1 certificates during and after 2016 (see below for the announcement link).
Now what happens?
This could potentially be a tricky one. If you don’t host or use websites that rely on certificates, the solution is simple: stop using SHA1 certificates after the end of 2015. If you run your own PKI infrastructure to issue the certificates, the same applies, although it may become costly to replace your existing certificates if they are long-lived ones.
However, Google’s decision complicates things: it is now no longer safe to use SHA1 (with Google Chrome) even during 2016, which leaves 8 months (as of writing) to change over. If you do nothing you will be faced with an error message when browsing your web site, and your online presence will suffer in the search rankings.
So here are your choices:
- Read the announcement from Google: This will help you understand how the changes will be introduced. Any certificates that expire during or after 2016 will be affected.
- Ensure new certificates and their associated chains all use SHA256: If your new certificates are not guaranteed to be SHA256 then all your other efforts will be pointless and a waste of time and money.
- Inventory existing certificates: This might be a tricky one, however it will be a good housekeeping exercise. Depending upon your environment you may be able to deploy automated scanning or run reports to find any offending certificates.
- Replace SHA1 certificates that expire after 2015: Issue any new certificates with SHA256, then replace the SHA1 certificates that expire after 2015, starting with those used on your most important sites and those that expire after 2016. Once this is done you can circle back and update the non-critical certificates until all are replaced.
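The inventory and replacement steps above boil down to one question per certificate: what algorithm signed it, and when does it expire? The following scanner is an added example, not code from the original post. It uses only the Python standard library, walks the DER structure of a certificate to read the signature algorithm OID and the notAfter date, and flags SHA1-signed certificates that are still valid after 2015. The sample certificates it builds are constructed for the demonstration and are not real certificates; for a real inventory, pass it the bytes of each DER file (`open(path, "rb").read()`).

```python
import datetime
# Signature-algorithm OIDs (RFC 3279 / RFC 5758); anything else reports "unknown"
SIG_OIDS = {"1.2.840.113549.1.1.5": "sha1WithRSAEncryption", "1.2.840.10045.4.1": "ecdsa-with-SHA1",
            "1.2.840.113549.1.1.11": "sha256WithRSAEncryption", "1.2.840.10045.4.3.2": "ecdsa-with-SHA256"}

def _tlv(buf, pos):  # read one DER element at pos -> (tag, value, position after it)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                   # long form: 0x8N, then N length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _children(value):  # split a SEQUENCE body into its (tag, value) elements
    out, pos = [], 0
    while pos < len(value):
        tag, body, pos = _tlv(value, pos)
        out.append((tag, body))
    return out

def _oid(body):  # decode an OBJECT IDENTIFIER body into dotted form
    arcs, acc = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc); acc = 0
    return ".".join(map(str, arcs))

def inspect_cert(der):
    """Return (signature algorithm name, notAfter date) for one DER certificate."""
    tbs, sig_alg, _sig = _children(_tlv(der, 0)[1])       # Certificate ::= SEQUENCE {tbs, alg, sig}
    name = SIG_OIDS.get(_oid(_children(sig_alg[1])[0][1]), "unknown")
    fields = _children(tbs[1])                             # tbsCertificate
    if fields[0][0] == 0xA0: fields = fields[1:]           # skip explicit [0] version
    tag, stamp = _children(fields[3][1])[1]                # serial, sig, issuer, validity -> notAfter
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"   # UTCTime / GeneralizedTime
    return name, datetime.datetime.strptime(stamp.decode(), fmt).date()

def needs_replacement(der, cutoff=datetime.date(2015, 12, 31)):
    """True when the certificate is SHA1-signed and still valid after the cutoff."""
    name, not_after = inspect_cert(der)
    return "sha1" in name.lower() and not_after > cutoff

_enc = lambda tag, body: bytes([tag, len(body)]) + body    # DER encoder for the sample (bodies < 128 bytes)
SHA1_RSA, SHA256_RSA = "06092a864886f70d010105", "06092a864886f70d01010b"   # DER-encoded OIDs

def sample_cert(sig_oid_hex, not_after):
    """Constructed, certificate-shaped DER for exercising the scanner; not a real certificate."""
    alg = _enc(0x30, bytes.fromhex(sig_oid_hex) + b"\x05\x00")              # AlgorithmIdentifier
    validity = _enc(0x30, _enc(0x17, b"150101000000Z") + _enc(0x17, not_after))
    tbs = _enc(0x30, b"\xa0\x03\x02\x01\x02" + b"\x02\x01\x01" + alg + b"\x30\x00" + validity)
    return _enc(0x30, tbs + alg + _enc(0x03, b"\x00"))      # tbs, signatureAlgorithm, signature
```

Run `inspect_cert` over every certificate in a chain, not just the leaf: a SHA256 leaf issued by a SHA1-signed intermediate still fails the "chains all use SHA256" check above.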
Keep the following in mind however when you are looking to update your infrastructure:
- Older platforms might not support SHA256 certificates, for example Operating Systems such as Windows Server 2003 and older.
- Some older clients don’t support SHA256. Windows XP pre-SP3 and older will have issues with SHA2 certificates.
What older clients don’t support SHA256?
Many older clients (Windows XP being the mainstream one) don’t support SHA256, but are these machines still relevant? The answer will vary from company to company and site to site. To find out how many people are using older Operating Systems when visiting your website, check your website analytics reports and see which operating systems are listed. If it’s only a small percentage you may just bite the bullet, and hopefully this will force people to upgrade. If it’s a high percentage you may have to re-think your plan and start now!
Windows XP introduced SHA256 support in Service Pack 3; anyone running pre-SP3 should be able to upgrade to SP3 without any issues (and should have done so years ago).
For mobile platforms, Android added SHA256 support in version 2.3, so anyone using an older Android phone will be affected.
What if you need to support older clients?
So what if you need to support older clients without simply denying them access? Technically it is possible to serve SHA256 certificates to modern clients while serving SHA1 to those clients that cannot be updated. An example of this would be a site configured with two certificates: ECDSA+SHA256 for modern clients and RSA+SHA1 for older clients.
However, there is a gotcha here: depending on the platform you are using, this may not be a supported feature. Apache is the only major server to support multiple certificates, although Nginx is apparently adding support for this feature as well. If you are running on Windows, you may be out of luck.
I hope this blog post has been useful. Act now, check your certificates and update them as soon as possible so that you are not left behind.