Justin Tan Online @ tyjtyj.com

SHA-1/SHA1 phased out and SHA256

by on Jun.18, 2015, under Tech

Recently, I been working on the web page ssl cert signature. It as come to my attention that it appear that Google Chrome browser will begin sun setting SHA1 algorithm cert. This means the browser will report your page is unsecured even with valid SSL cert installed. Other major browser such as Firefox and Internet Explorer will also follow the trail. Firefox and Chrome will slowly begin to show warning and error over the time until 1 Jan 2017. All 3 major browser will begin rejecting the SHA1 cert after 1 Jan 2017. In fact, developer looking at Firefox console already seeing the error. What surprise me is that Google website still using SHA1 at the time of this writing, I would assume they will be the first to move to SHA256. Well, maybe Google try to accommodate old device/browser.

So remember this date 1 Jan 2017 will be the last day before your boss knock on your door on this issue.

Side note: other crypto that also phase out
RCA4
SSLv3
SSLv2


Leave a Reply