Microsoft Edge and IE11 won’t support websites with SHA-1 certification

2 minute read

Home » News » Microsoft Edge and IE11 won’t support websites with SHA-1 certification

Microsoft has recently announced their plans to abandon support for TLS certificates signed by the SHA -1 hashing algorithm starting February of 2017. Microsoft further acknowledged that numerous websites, users, and third-party applications will be severely affected once the company deplores SHA-1 signed certificates.

Starting on February 14th, 2017, Microsoft Edge and Internet Explorer 11 will prevent sites that are protected with a SHA-1 certificate from loading and will display an invalid certificate warning. Though we strongly discourage it, users will have the option to ignore the error and continue to the website, said Microsoft in is blog post.

The revelation is not exactly news: the company hinted as much back in November.

The SHA-1 hashing algorithm, used for internet security in conjunction with with the HTTPS protocol and certificates used to protect Web sites, has been declared unsafe and vulnerable to attacks from well-funded adversaries back since 2005 but was largely utilized before until the SHA-2 and SHA-3 algorithms that were tested to be more secure alternatives for hashing functionalities came along. The initiative is not a new one and the function has previously been denounced and rejected by Google and Mozilla for being more prone to cryptographic collisions than estimated.

Microsoft has detailed that their browsers, Edge and the Internet Explorer, will now prevent sites using SHA-1 signed certificates from loading and will display an “invalid certificate” warning in order to restore security back to the services. Although users won’t be compelled to skip the sites, they will have the option to bypass the threat and access the potentially vulnerable website despite the warning, just without the “bar lock” trust icon that users see in the address bar of their browsers.

Third-party Windows applications running the Windows SHA-1 cryptographic API set or former versions of Internet Explorer will not be affected by these changes.

RELATED STORIES YOU NEED TO CHECK OUT:

Discussions

Next up

Xbox One update error code 0x8b0500b6 [TESTED FIXES]

Mihai Duna avatar. By: Mihai Duna
2 minute read

Some Xbox One users reported experiencing an issue while trying to update installed apps. The updates come to a halt while being blocked by a […]

Continue Reading

This is how we fixed Origin client loading issues for good

Mihai Duna avatar. By: Mihai Duna
2 minute read

Some users reported experiencing a peculiar issue with Origin. Upon opening the app, they get to a blank page, Origin not being able to load […]

Continue Reading

Steam client goes offline randomly [STEP-BY-STEP GUIDE]

Mihai Duna avatar. By: Mihai Duna
2 minute read

Many Steam users experienced issues with Valve’s online gaming platform. A frustrating issue forcing the Steam client to go offline randomly left gamers in the […]

Continue Reading