Slashdot Mirror


Microsoft Finally Bans SHA-1 Certificates In Its Browsers (zdnet.com)

An anonymous reader quotes ZDNet: With this week's monthly Patch Tuesday, Microsoft has also rolled out a new policy for Edge and Internet Explorer that prevents sites that use a SHA-1-signed HTTPS certificate from loading. The move brings Microsoft's browsers in line with Chrome, which dropped support for the SHA-1 cryptographic hash function in January's stable release of Chrome 56, and Firefox's February cut-off... Apple dropped support for SHA-1 in March with macOS Sierra 10.12.4 and iOS 10.3... Once Tuesday's updates are installed, Microsoft's browsers will no longer load sites with SHA-1 signed certificates and will display an error warning highlighting a security problem with the site's certificate.

5 of 38 comments

  1. Re:well you know what they say by ShanghaiBill · Score: 4, Insightful

    Better 5 months late and unannounced with no industry coordination or planning than never.

    Anyone with a brain knew this was going to happen and already made the transition years ago. The procrastinating and/or ignorant people caught with their pants down would not have responded to any effort at coordination, and are not capable of planning.

  2. Who modded this drivel up? by Anonymous Coward · Score: 2, Informative

    It was announced over three years ago (and they gave a year's extension):

    https://technet.microsoft.com/en-us/library/security/2880823.aspx

    Microsoft may be shite at a lot of things, but one thing they aren't is giving their enterprise customers long-term notice about changes like this.

  3. Why ban it? by Zorpheus · Score: 4, Insightful

    It is not secure encryption, so it is just as insecure as an unencrypted site. But since it is banned we can't even view these sites anymore. That makes no sense. There should just be a warning, similar to what you get for an untrusted certificate.

  4. IT department still uses SHA-1 by MobyDisk · Score: 2

    I work for a large company that has a proxy server that does MITM attacks. The certs issued by the server are SHA-1, so we haven't been able to use Chrome and Firefox for months. The funny thing is that they even recommend using Chrome for certain sites. Many of us have opened tickets on this and they just don't seem to understand that this isn't a bug in Chrome. *facepalm* I hope this finally forces them to fix it. Although I don't have high hopes. Odds are more that they will try to block the update, and if anyone winds up with it they will be considered out of compliance and IT will reformat their machines.

  5. Re:backwards compatibility by JustNiz · Score: 2

    Your sense of humor detector is broken.