Following the recommendation of the NIST (National Institute of Standards and Technology) that advised not to use cryptographic hashing algorithms to provide security to less than or equal to 80 bits of information (including SHA1), since the major web browsers av have taken a number of announcements on plans to revamp its digital certificates or policies to stop using SHA1 certificates.
The guides of CA Browser Forum, which brings together the main developers of web browsers, have adopted a document , in item 7.3.1 also discourages the use of SHA1.
As regards the SSL the audit, which affects browsers the final certificate and the intermediate .
The main suppliers agree that from 1 january 2016 should no longer issuing certificates by the CA ’ s using SHA1 and algorithms, from 1 january 2017, it should not be left in none. this will be implemented in the browsers through caution to users, images of ‘ https ’ or strikethrough in red, blockades, etc.
Therefore it would be advisable for these limitations are taken into account if it was necessary to renew SSL certificates, certificates refreshed by others SHA256 algorithm or higher for the end to the middle.
This also affects signing certificates of applications.
Below are available some official announcements:
- https :// googleonlinesecurity.blogspot.co.uk/2014/09/gradually-sunsetting-sha-1.html
- https :// technet.microsoft.com/en-us/library/security/2880823.aspx
- https :// technet.microsoft.com/library/security/2880823.aspx
- https :// blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/