Google is considering rejecting SSL certificates that use the SHA-1 cryptographic hash function in Google Chrome on July 2016, half a year earlier than initially expected.
Designed in 1995 by the NSA, SHA-1 has become an important Internet security standard, but new research revealed that the cost of collision attacks, one of the main threats against SHA-1, has dropped significantly. As such, tech companies announced that they would move away from the standard, adopting the more secure SHA-2 or SHA-3 algorithms instead.
Cryptography experts have been urging the industry to migrate to the new standards for years, and the first to take stance was Microsoft in November 2013, when the company announced its intention to deprecate the use of the SHA-1 algorithm in code signing and SSL certificates in favor of SHA-2. In September 2014, Google and Mozilla announced that their browsers would stop accepting SHA1-based certificates after January 1, 2017.
In October of this year, Mozilla announced that it might start rejecting SHA1-based certificates half a year earlier than initially planned, on July 1, 2016. In a blog post published last week on the company’s Online Security Blog, Google’s Lucas Garron, Chrome security and David Benjamin, Chrome networking, said that the search giant is also considering making the move earlier than initially announced.
At the moment, the company plans on completely dropping SHA-1 certificate support on January 1, 2017, which means that “sites that have a SHA-1-based signature as part of the certificate chain (not including the self-signature on the root certificate) will trigger a fatal network error.” Certificate chains that end in either a local trust anchor or a public certificate authority (CA) are affected by this.
Users will observe some changes as soon as January 2016, when Chrome version 48 will display a certificate error if it encounters a site with a leaf certificate that is signed with a SHA-1-based signature. The error will also be displayed for certificates issued on or after January 1, 2016, as well as for those that chain to a public CA, Google said.
Later in 2016, an error will be displayed when certificate chains contain an intermediate or leaf certificate signed with a SHA-1-based signature or contain an intermediate or leaf certificate issued on or after January 1, 2016, as well as for those chaining to a public CA. Sites using new SHA-1 certificates that chain to local trust anchors won’t trigger the error.
Starting on July 1, 2016, however, Google Chrome might block sites that rely on SHA-1 certificates altogether, just as Mozilla’s Firefox might do. Google also explains that since Chrome uses the certificate trust settings of the host OS where possible, Microsoft’s plan to no longer trust code signed with a SHA-1 certificate and with a timestamp value greater than January 1, 2016 will also trigger a fatal network error in Chrome, regardless of Chrome’s intended target date.
According to Google, browsers need to drop support for individual TLS features that are found to be too weak to ensure that users are kept safe. In addition to SHA-1 certificates, Chrome will also drop support for the RC4 cipher suites for TLS connections in version 48. As announced in September this year, Microsoft and Mozilla will also make the change in their browsers in early 2016.
“For security and interoperability in the face of upcoming browser changes, site operators should ensure that their servers use SHA-2 certificates, support non-RC4 cipher suites, and follow TLS best practices. In particular, we recommend that most sites support TLS 1.2 and prioritize the ECDHE_RSA_WITH_AES_128_GCM cipher suite,” Garron and Benjamin concluded.
However, while browser makers are interested in dropping support for SHA-1 certificates as soon as possible, other tech companies suggest that they should keep supporting it in older browser versions.
Earlier this month, Facebook and CloudFlare explained that many users in emerging markets do not have access to devices that support modern, SHA-2-compatible browsers, and that they would be cut off the Internet as soon as SHA-1 certificates are dropped.