Microsoft Edge and IE11 won’t support websites with SHA-1 certification

Khushaar Tanveer avatar. By: Khushaar Tanveer
2 minute read

Home » News » Microsoft Edge and IE11 won’t support websites with SHA-1 certification

Microsoft has recently announced their plans to abandon support for TLS certificates signed by the SHA -1 hashing algorithm starting February of 2017. Microsoft further acknowledged that numerous websites, users, and third-party applications will be severely affected once the company deplores SHA-1 signed certificates.

Starting on February 14th, 2017, Microsoft Edge and Internet Explorer 11 will prevent sites that are protected with a SHA-1 certificate from loading and will display an invalid certificate warning. Though we strongly discourage it, users will have the option to ignore the error and continue to the website, said Microsoft in is blog post.

The revelation is not exactly news: the company hinted as much back in November.

The SHA-1 hashing algorithm, used for internet security in conjunction with with the HTTPS protocol and certificates used to protect Web sites, has been declared unsafe and vulnerable to attacks from well-funded adversaries back since 2005 but was largely utilized before until the SHA-2 and SHA-3 algorithms that were tested to be more secure alternatives for hashing functionalities came along. The initiative is not a new one and the function has previously been denounced and rejected by Google and Mozilla for being more prone to cryptographic collisions than estimated.

Microsoft has detailed that their browsers, Edge and the Internet Explorer, will now prevent sites using SHA-1 signed certificates from loading and will display an “invalid certificate” warning in order to restore security back to the services. Although users won’t be compelled to skip the sites, they will have the option to bypass the threat and access the potentially vulnerable website despite the warning, just without the “bar lock” trust icon that users see in the address bar of their browsers.

Third-party Windows applications running the Windows SHA-1 cryptographic API set or former versions of Internet Explorer will not be affected by these changes.

RELATED STORIES YOU NEED TO CHECK OUT:

Discussions

Next up

Windows 10 April 2019 Update is almost here, new builds focus on fixes

Matthew Adams By: Matthew Adams
3 minute read

Microsoft is gearing up for the next big Windows 10 build update in spring 2019. The software giant has just announced Windows 10 Insider Preview […]

Continue Reading

Getting Something went wrong Netflix error? Here’s how to fix it

Matthew Adams By: Matthew Adams
4 minute read

Netflix is one of the foremost movie-streaming services that users can utilize within browsers or with its app. However, Netflix also throws out Something went […]

Continue Reading

KB4489890, KB4489888 and KB4489889 bring many issues of their own

Rabia Noureen avatar. By: Rabia Noureen
3 minute read

Microsoft rolled out a new series of cumulative updates for three Windows 10 versions: v1709, v1703 and v1607. The updates don’t come with any security fixes this […]

Continue Reading