Microsoft Finally Bans SHA-1 Certificates In Its Browsers

An anonymous reader quotes ZDNet: With this week's monthly Patch Tuesday, Microsoft has also rolled out a new policy for Edge and Internet Explorer that prevents sites that use a SHA-1-signed HTTPS certificate from loading. The move brings Microsoft's browsers in line with Chrome, which dropped support for the SHA-1 cryptographic hash function in January's stable release of Chrome 56, and Firefox's February cut-off... Apple dropped support for SHA-1 in March with macOS Sierra 10.12.4 and iOS 10.3... Once Tuesday's updates are installed, Microsoft's browsers will no longer load sites with SHA-1 signed certificates and will display an error warning highlighting a security problem with the site's certificate.

Re:well you know what they say

[ShanghaiBill]

Better 5 months late and unannounced with no industry coordination or planning than never.

Anyone with a brain knew this was going to happen and already made the transition years ago. The procrastinating and/or ignorant people caught with their pants down would not have responded to any effort at coordination, and are not capable of planning.

Why ban it?

[Zorpheus]

It is no secure encryption, so it is just as insecure as an unencrypted site. But since it is banned we can't even view these sites anymore. That makes no sense. There should just be a warning, similar to what you get for an untrusted certificate.