Mozilla has announced plans to begin displaying an "untrusted connection" error on its Firefox browsers when it...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
comes across certificates signed with the SHA-1 algorithm, starting in early 2017. But Mozilla isn't cutting off SHA-1 support completely, as users can override the error message. How can companies use SHA-1 certificates for Mozilla browsers? And is this a good idea for enterprises?
Editor's note: Following news of a successful collision attack for SHA-1, Mozilla has announced that it disabled the algorithm for all Firefox users.
Industry leaders have been encouraging enterprises to migrate away from the SHA-1 algorithm for some time, so Mozilla's announcement should come as no surprise.
The CA/Browser Forum voted to stop issuing SHA-1 signed SSL/TLS certificates starting Jan. 1, 2016, and Microsoft, Apple and Google have all enacted plans phasing out support for certificates signed with the SHA-1 algorithm at the start of 2017. Google Chrome already flags SHA-1 certificates as having weak security configurations, and warns the user that their connection may not be private.
Users can bypass the "untrusted connection" warning that appears on Firefox 51, which was released in January 2017, but this action is only supported for SHA-1 certificates that chain up to a manually imported root certificate to function, a situation that may exist in various enterprise networks.
The reason SHA-1 certificates are no longer trusted is because the cost of compromising SHA-1 with a collision attack is now within the reach of government agencies and well-resourced cybercriminals. This attack enables malicious actors to impersonate an SSL-protected site that uses a publicly trusted SHA-1 certificate, completely undermining the trust users put in websites' digital certificates. If an attacker manages to compromise an intermediate CA certificate signed with SHA-1, he can generate valid certificates for a variety of domains. This is another reason why network administrators need to update servers with SHA-2 signed certificates, preferably issued by a CA that meets the baseline requirements of the CA/Browser Forum.
SHA-2 doesn't suffer from SHA-1's mathematical weaknesses, and it and the SHA-3 family of cryptographic hash algorithms are now the only sets of hash functions approved by the National Institute of Standards and Technology for digital signature generation. Although the SHA-2 family includes SHA-224, only the stronger SHA-256, SHA-384 and SHA-512 algorithms are allowed by the CA/Browser Forum's baseline requirements for the issuance and management of publicly trusted certificates.
For enterprises running websites, webmasters need to request new SHA-2 certificates to replace any expired SHA-1 certificates; otherwise, their servers will not be fully trusted by browsers, and this will cause problems for users trying to access them.
Various algorithms widely used to keep internet communications secure are coming to their end-of-life, and network administrators should make moving to newer, more robust algorithms a priority, or find themselves in a position of having to try and update entire networks within a short time frame -- never a good idea.
The implementation of an enterprise key and certificate management product or service can help administrators to manage the lifecycle of an organization's certificates, and ensure certificates aren't missed during the migration process, as well as prevent service outages due to expired or noncompliant certificates.
Legacy systems that make SSL connections, such as embedded devices that rely on hard-coded certificates, also need to be migrated to SHA-2 certificates. This may also mean having to update software or firmware if it is unable to support SHA-2 encryption.
Learn about the pros and cons of having an internal public key infrastructure
Find out how to protect PGP short key IDs from collision attacks
Read about the differences between symmetric and asymmetric encryption
Dig Deeper on PKI and digital certificates
Related Q&A from Michael Cobb
Android encryption on devices using Qualcomm chips can be broken due to two vulnerabilities. Expert Michael Cobb explains how these flaws affect ...continue reading
A flaw that allows attackers to load malicious DLL files in Symantec products was labeled as severe. Expert Michael Cobb explains the vulnerability ...continue reading
Mobile apps using insecure OAuth could lead to over one billion user accounts being attacked. Expert Michael Cobb explains how developers can ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.