Microsoft has recently announced their plans to abandon support for TLS certificates signed by the SHA -1 hashing algorithm starting February of 2017. Microsoft further acknowledged that numerous websites, users, and third-party applications will be severely affected once the company deplores SHA-1 signed certificates.
Starting on February 14th, 2017, Microsoft Edge and Internet Explorer 11 will prevent sites that are protected with a SHA-1 certificate from loading and will display an invalid certificate warning. Though we strongly discourage it, users will have the option to ignore the error and continue to the website, said Microsoft in is blog post.
The revelation is not exactly news: the company hinted as much back in November.
The SHA-1 hashing algorithm, used for internet security in conjunction with with the HTTPS protocol and certificates used to protect Web sites, has been declared unsafe and vulnerable to attacks from well-funded adversaries back since 2005 but was largely utilized before until the SHA-2 and SHA-3 algorithms that were tested to be more secure alternatives for hashing functionalities came along. The initiative is not a new one and the function has previously been denounced and rejected by Google and Mozilla for being more prone to cryptographic collisions than estimated.
Microsoft has detailed that their browsers, Edge and the Internet Explorer, will now prevent sites using SHA-1 signed certificates from loading and will display an “invalid certificate” warning in order to restore security back to the services. Although users won’t be compelled to skip the sites, they will have the option to bypass the threat and access the potentially vulnerable website despite the warning, just without the “bar lock” trust icon that users see in the address bar of their browsers.
Third-party Windows applications running the Windows SHA-1 cryptographic API set or former versions of Internet Explorer will not be affected by these changes.
RELATED STORIES YOU NEED TO CHECK OUT: