Want to subscribe to topics you're interested in?
Become a Member

Featured Chrome browser 39+ sunsetting SHA-1 SSL signatures

Discussion in 'All Internet & Web Performance News' started by eva2000, Sep 7, 2014.

  1. rdan

    rdan Well-Known Member

    5,439
    1,398
    113
    May 25, 2014
    Ratings:
    +2,187
    Local Time:
    11:46 PM
    Mainline
    10.2
  2. eva2000

    eva2000 Administrator Staff Member

    53,251
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    1:46 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    i mean take both those listed RapidSSL - Knowledge Center - SSL Certificates Support and redo concatenation with your reissued RapidSSL SHA256 SSL certificate.

    Or better yet, just reissue your RapidSSL again with SHA256, this time they should give you a full SHA256 chain of SSL intermediates I believe. Maybe ask RapidSSL support too.
     
  3. rdan

    rdan Well-Known Member

    5,439
    1,398
    113
    May 25, 2014
    Ratings:
    +2,187
    Local Time:
    11:46 PM
    Mainline
    10.2
    Yes I just re issue with SHA2, but still they don't provide root cert that is Sha2.
    I can live with it for now.
    My domain and intermediate are already SHA2, only root is not.
    So I think there's no problem with that.
     
  4. eva2000

    eva2000 Administrator Staff Member

    53,251
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    1:46 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    yeah CA/root SSL can be SHA1 without problems :)
     
  5. rdan

    rdan Well-Known Member

    5,439
    1,398
    113
    May 25, 2014
    Ratings:
    +2,187
    Local Time:
    11:46 PM
    Mainline
    10.2
    I can breath now :D
    Thanks!
     
  6. eva2000

    eva2000 Administrator Staff Member

    53,251
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    1:46 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  7. rdan

    rdan Well-Known Member

    5,439
    1,398
    113
    May 25, 2014
    Ratings:
    +2,187
    Local Time:
    11:46 PM
    Mainline
    10.2
  8. eva2000

    eva2000 Administrator Staff Member

    53,251
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    1:46 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  9. eva2000

    eva2000 Administrator Staff Member

    53,251
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    1:46 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    So Chrome 39 is here now, so SHA1 sunsetting has started !

    Chrome 39.0.2171.71 m for me
     
  10. Andy

    Andy Active Member

    540
    89
    28
    Aug 6, 2014
    Ratings:
    +132
    Local Time:
    10:46 AM
    Version 39.0.2171.71 (64-bit) on Mac OS for me
     
  11. rdan

    rdan Well-Known Member

    5,439
    1,398
    113
    May 25, 2014
    Ratings:
    +2,187
    Local Time:
    11:46 PM
    Mainline
    10.2
    Yeah Version 39.0.2171.71 m (64-bit) for me :)
     
  12. eva2000

    eva2000 Administrator Staff Member

    53,251
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    1:46 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    strange using Chrome 39 visiting know sha1 SSL web sites i am not seeing a downgraded SSL lock icon at all ?
     
  13. Andy

    Andy Active Member

    540
    89
    28
    Aug 6, 2014
    Ratings:
    +132
    Local Time:
    10:46 AM
    I don't think it will show yet. Probably in late 2015.
     
  14. eva2000

    eva2000 Administrator Staff Member

    53,251
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    1:46 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Still ongoing - latest update from Microsoft Microsoft announces updates to SHA-1 deprecation policy for Code Signing

     
  15. eva2000

    eva2000 Administrator Staff Member

    53,251
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    1:46 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    I still come across https sites with SHA1 !

    But scary

     
  16. eva2000

    eva2000 Administrator Staff Member

    53,251
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    1:46 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    SHA1 is nearing it's end Facebook security warning over expiring algorithm - BBC News

    older web browsers beware !

     
  17. eva2000

    eva2000 Administrator Staff Member

    53,251
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    1:46 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Ah Paypal is moving from SHA1 to SHA2 SSL certificates now :)
    WinXP users that don't support SHA2 will need to update. Possibly prompting them to update their OS eventually ?
     
  18. eva2000

    eva2000 Administrator Staff Member

    53,251
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    1:46 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Mozilla/Firefox on SHA-1 Phasing Out SHA-1 on the Public Web | Mozilla Security Blog