SSL247®

SHA-2 MIGRATIONTable of contents

SHA-1 deprecation, moving to SHA-2..............1What is SHA-1 and why it is being deprecated?.................1

What is SHA-2?...........................................................................1

Deadlines...........................................................2 What does Microsoft say about SHA-1?...............................2

What does Google say about SHA-1?...................................2

Timeline Microsoft + Google...................................................3

Should I renew or not?..............................................................4

SHA-2 Compatibility..............................................5OS, Browser and Server support.............................................5

Detailed Operating System Support......................................6

E-mail Clients..............................................................................6

Word Processors.........................................................................6

Code Signing...............................................................................7

SafeNet iKey / eToken Compatibility.......................................7

Mainframe....................................................................................7

Services.........................................................................................7

SSL247

@SSL247

/SSL247LTD

SSL247® - The Web Security Consultants - Platinum partner of Symantec, Thawte, GeoTrust, GlobalSign and Comodo

© 2014 SSL247 Ltd. All rights reserved. SSL247 Limited is registered in England & Wales No: 5802692

Our accreditations

INFORMATION SECURITYMANAGEMENT

INFORMATION SECURITY MANAGEMENT

ISO 27001

1SSL247® Ltd - 63 Lisson Street - Marylebone - London - NW1 5DA - UK Ι SSL247 Ltd is registered in England and Wales - No. 5802692

What is SHA-1 and why is it being deprecated?SHA, or Secure Hash Algorithm, is a hashing algorithm used in secured connections to prove the integrity and authenticity

of a message to the receiver. SHA algorithm is the default hash algorithm set in SSL certificates.

SHA-1 is an algorithm producing a 160-bit fingerprint when used on a message.

It was the standard up until now for secured connections. However SHA-1 was adopted in 1995, a long time ago in

internet years. Just think of the computer you were using in 1995! Huge advances in technology and developments in

cryptography since then are putting pressure on SHA-1, and it has been shown to be unreliable.

Its days are numbered and the SSL industry is migrating to SHA-2. From January 1st 2017, SSL certificates using SHA-1

will no longer be recognised by web browsers and operating systems, rendering them useless. Most major browsers

(Chrome, Safari, Mozilla, Opera) have voiced their support for the move.

What is SHA-2?

SHA-2 is a set of hash functions including SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256.

The most common hash function used is SHA-256. So generally speaking, SHA-2 = SHA-256.

It works the same way as SHA-1, but produces a longer fingerprint when used on a message (256-bit instead of 160-bit

for SHA-1). Moving from SHA-1 to SHA-2 will increase security and safety online.

SHA-1 deprecation, moving to SHA-2

®

2SSL247® Ltd - 63 Lisson Street - Marylebone - London - NW1 5DA - UK Ι SSL247 Ltd is registered in England and Wales - No. 5802692

®

What does Microsoft say about SHA-1?

Microsoft’s Operating Systems will stop trusting SSL certificates using SHA-1 from January 1st, 2017, and Digital Signatures

using SHA-1 from January 1st, 2016.

All Certification Authorities (Symantec, GlobalSign, Comodo, ...) will stop issuance and / or reissuance of SSL certificates

by January 1st, 2016.

What does Google say about SHA-1?

Google believes Microsoft’s deadline (January 1st, 2017) is too far away from now, and SHA-1 is already a weak hashing

algorithm.

To force people to move to SHA-2 as soon as possible, Google will deprecate on Chrome the use of a SHA-1 certificate

which is valid after May 2016. To do so, they are displaying warning icons on websites using such certificates (see the

timeline below).

Deadlines

If your SHA-1 SSL certificate expires after January 1st, 2017, from this date any user trying to connect to your server will get this warning message

3SSL247® Ltd - 63 Lisson Street - Marylebone - London - NW1 5DA - UK Ι SSL247 Ltd is registered in England and Wales - No. 5802692

®

SHA-1 Certificates expiring Between June 1st, 2016 and

December 31st, 2016

SHA-1 Certificates expiring After January 1st, 2017

What the user saw on Chrome 39 (Released November 2014)

What the user sees now on Chrome 40 (Released January 2015)

What the user will see on Chrome 41 (Release: Q1 2015)

A

C

2014 2015 2016 2017

A B C

01 Jan 2017Microsoft stops trusting SHA‑1 SSL certificates.

Secure, but with minor errors

Secure, but with minor errors

Secure, but with minor errors

Neutral, lacking security

Affirmatively insecure

Secure

Note: if you have an EV (Extended Validation) certificate with SHA-1 expiring after June 1st, 2016, the new icon display in Chrome (as shown above) will remove the green bar.

B

4

The SHA-1 algorithm is set by default in your SSL certificate at the time of purchase, unless specified otherwise. In any

case, your SSL certificate must use SHA-2 from January 1st, 2017, and all Certification Authorities have ensured you can

purchase SHA-2 certificates from now on. If you chose to be PCI compliant, note that SHA-2 is an element required by

the authority in charge of this norm (Payment Card Industry Security Standards Council).

There are three possible situations:

If your certificate expires before January 1st, 2016: you can still get a SHA-1 certificate, but its validity period can’t go

after January 1st, 2017. Google Chrome won’t display any warning icon on your website.

If your certificate expires between January 1st, 2016 and January 1st, 2017: you won’t have any other

choice than renewing with SHA-2, but your SHA-1 certificate remains valid until December 31st, 2016.

However : if your certificate expires between June 1st and December 31st, 2016, Google Chrome displays a “minor error”

icon on your website.

If your SSL certificate expires after January 1st, 2017: after this date, Microsoft Operating Systems will stop trusting

your SSL certificate, and web browsers will do the same.

In addition to this, Google Chrome is displaying a “lacking security” icon on your website, and later on this year the

“lacking security” icon will become a “non secure” icon (with the release of Chrome 41).

Even if your certificate expires before or during 2016, we recommend that you migrate to SHA-2 as soon as you can.

Renewing in SHA-2 with SSL247®can be done at any time. It is entirely free of charge, easy and will not require a lot of

manipulation (note that SHA-2 certificates must be installed with their corresponding SHA-2 intermediates).

Overall there are minor compatibility issues, and the sooner you start using SHA-2, the more time you will have to fix

issues before your SHA-1 certificate becomes invalid. You will save time and avoid last-minute stress !

Our SHA-1 checker is available to help you quickly find out if your certificates are SHA-1:

https://www.ssl247.co.uk/ssl-tools/sha1-checker

Should I renew or not?

SSL247® Ltd - 63 Lisson Street - Marylebone - London - NW1 5DA - UK Ι SSL247 Ltd is registered in England and Wales - No. 5802692

5

®

SSL247® Ltd - 63 Lisson Street - Marylebone - London - NW1 5DA - UK Ι SSL247 Ltd is registered in England and Wales - No. 5802692

OS, Browser and Server support

SHA-2 Compatibility

Minimum OS Version

(SSL Certificates)Minimum OS Version (Client Certificates)

Apple OS X 10.5+ 10.5+Apple iOS 3.0+ 3.0+Android 2.3+ 2.3+Blackberry 5.0+ 5.0+ChromeOS ✓ ✓Windows XP SP3+ XP SP3+ Windows Phone 7+ 7+Windows Server 2003 SP2 +Hotfixes (MS13-095) 2003 SP2 +Hotfixes (MS13-095)

Minimum Browser Version

Chrome 1.0+ (38+) Firefox 1.0+

Internet Explorer6+

(On a SHA-2 compatible OS) Konqueror 3.5.6+ Mozilla 1.4+ Netscape 7.1+ Opera 6.0+

Safari3+

(Ships with OS X 10.5) Minimum Server Version

Apache Server* 2.0.63+ w/ OpenSSL 0.9.8o+ IBM Domino Server 9.x with Fix Pack IBM HTTP Server 8.5 (Bundled with Domino 9) Microsoft Server Exchange Dependent on Windows Server VersionOracle Weblogic 10.3.1+

* Apache 2.0 is bundled with mod_ssl by default. Versions prior to 2.0 require manual installation of mod_ssl for any SSL support at all. Mod_gnutls is an alternative to mod_ssl, leveraging GnuTLS instead of OpenSSL libraries.

6

SSL Certificates

(Client Side)SSL Certificates

(Server Side)S/

MIME Code SigningWindows XP (SP1, SP2) ✗ N/A ✗ ✗Windows XP SP3 ✓ N/A Partial PartialWindows Vista ✓ N/A ✓ PartialWindows 7 ✓ N/A ✓ PartialWindows 8 ✓ N/A ✓ ✓

Windows Server 2003 / 2003 SP1 ✗ ✗ ✗ ✗Windows Server 2003 SP2 +MS13-095 ✓ ✓ ✓ N/AWindows Server 2008 ✓ ✓ ✓ PartialWindows Server 2008 R2 ✓ ✓ ✓ ✓Windows Server 2012 & 2012 R2 ✓ ✓ ✓ ✓

Windows Phone 5 ✗ N/A ✗ N/AWindows Phone 6 ✗ N/A ✗ N/AWindows Phone 7 ✓ N/A ✓ N/AWindows Phone 8 ✓ N/A ✓ N/A

E-mail Clients

Verify SHA-1

Signed E-MailVerify SHA-256 Signed E-Mail

Send SHA-1 Signed E-Mail

Send SHA-256 Signed E-Mail

Mozilla Thunderbird 24 on XP SP3 ✓ ✓ ✓ N/AIBM Notes 8 ✓ ✗ ✓ ✗IBM Notes 9 ✓ ✓ ✓ ✓Microsoft Entourage 2004 ✓ ✗ ✓ ✗Microsoft Entourage 2008 ✓ ✓ ✓ ✓Outlook 2003 / 2007 on XP SP3 ✓ ✗ ✓ ✗Outlook 2007 on Windows Vista & 7 ✓ ✓ ✓ ✓Outlook for Mac 2011 ✓ ✓ ✓ ✓

Detailed Operating System Support

SSL247® Ltd - 63 Lisson Street - Marylebone - London - NW1 5DA - UK Ι SSL247 Ltd is registered in England and Wales - No. 5802692

Notes on “Partial” compatibility:

• S/MIME:Outlook on Windows XP SP3 can utilize certificates signed with SHA-256 but cannot validate an e-mail signed using the SHA-256 hashing algorithm. By default Outlook signs with SHA1 even if a SHA2 cert is in use though this behavior can be changed if desired.

• Code Signing:Code can be signed with a SHA2 cert on any of the systems listed as having partial or full compatibility without issue. There is an incompatibility with SHA2 signed kernel drivers on the partially compatible platforms. Kernel drivers signed with SHA2 certs will not install on systems listed as having “Partial” compatibility.

7

Word Processors

Verify SHA-1 Signed Docu-

mentVerify SHA-256

Signed Document

Place SHA-1 Signature with SHA-256 certif-

icate

Place SHA-256 Sig-nature with SHA-256

certificateWord 2003 & 2007 on XP SP3 ✓ N/A ✓ ✗LibreOffice Writer 4.2 on XP SP3 ✓ N/A ✓ N/A

Document Signing

Place SHA1 Signature with

SHA-256 certificatePlace SHA2 Signature with

SHA-256 certificateValidate

SHA2 SignatureLibreOffice 4 ✓ ✗ ✗Microsoft Office 2003, 2007 ✓ ✗ ✗Microsoft Office 2010, 2013 ✓ ✓ ✓Adobe Acrobat 8.0+ ✓ ✓ ✓Adobe Reader 8.0+ ✓ ✓ ✓

Note: Adobe Reader 8+ can place signatures with a Digital ID if the functionality has been enabled via Adobe Acrobat Professional.

Adobe Acrobat & Adobe Reader are compatible with SHA-256 certs as of version 8.0, but still place SHA1 signatures by default. As of version 9.1, Acrobat & Reader will prefer SHA-256 for the signature hash if available, otherwise it will fall back to SHA1. SHA-2 signatures can be preferred in versions prior to 9.1 through edits to the registry.

Digital signatures placed with newer versions of Microsoft Office may not be backwards compatible with older versions. Legacy compatibility can be specified manually.

Office 2003 - 2010 work with SHA-2 certs, but place SHA1 signatures. Office 2013 uses SHA2 as the default signature hash when available. You can specify the signature hash in Office 2010 & 2013 via the registry.

Windows Code Signing

Executables Kernel DriversVBA Macros: Of-fice 2003, 2007

VBA Macros: Office 2010

VBA Macros: Office 2013

Windows XP (SP1, SP2) ✗ ✗ ✗ ✗ N/AWindows XP SP3 ✓ ✗ ✗ ✓ N/AWindows Vista ✓ ✗ ✗ ✓ N/AWindows 7 ✓ ✗ ✗ ✓ ✓Windows 8 ✓ ✓ ✗ ✓ ✓

Office 2010 on Windows 7 requires hotfix kb 2598139 to add SHA-256 support for CodeSigning Certs.

Minimum Version RequiredVisual Studio Tools for Office (VSTO) 10.0.50325

SSL247® Ltd - 63 Lisson Street - Marylebone - London - NW1 5DA - UK Ι SSL247 Ltd is registered in England and Wales - No. 5802692

8

Toolkits, Libraries, Frameworks, etc.

Minimum Version RequiredJava Java 1.4.2+

Mozilla NSS 3.8+OpenSSL 0.9.8o+GNUTLS 1.7.4+.NET FX 3.5 SP1+

SafeNet iKey / eToken Compatibility

Works with SHA2 Certificate Place SHA1 Signature Place SHA2 SignatureiKey 4000 ✓ ✓ ✗eToken 5100 ✓ ✓ ✓

Mainframe    

Minimum Version RequiredIBM z/OS v1r10

Citrix Support

Minimum Version RequiredCitrix receiver Varies - See PDF

Services

Notes

Belgian Online Government ServicesNo SHA2 Support.

Issue PersonalSign3 as SHA1.FDA ESG Works with SHA2FDA Encrypted E-Mail FDA S/MIME firewall cannot handle SHA2.

WARNING : a critical bug called "Heartbleed bug" has been detected in OpenSSL versions 1.0.1 to 1.0.1f - if you use any of them, update immediatly to 1.0.1g an reissue all you certificates with new key pairs.

SSL247®

info@SSL247.co.uk0207 060 3775

www.SSL247.co.uk

Contact us:

SSL247

@SSL247

/SSL247LTD

SSL247® - The Web Security Consultants - Platinum partner of Symantec, Thawte, GeoTrust, GlobalSign and Comodo

© 2014 SSL247 Ltd. All rights reserved. SSL247 Limited is registered in England & Wales No: 5802692

Our accreditations

INFORMATION SECURITYMANAGEMENT

INFORMATION SECURITY MANAGEMENT

ISO 27001