The Tuesday updates for Internet Explorer and Microsoft Edge force those browsers to flag SSL/TLS certificates signed with the aging SHA-1 hashing function as insecure. The move follows similar actions by Google Chrome and Mozilla Firefox earlier this year.
Browser vendors and certificate authorities have been engaged in a coordinated effort to phase out the use of SHA-1 certificates on the web for the past few years, because the hashing function no longer provides sufficient security against spoofing.
SHA-1 (Secure Hash Algorithm 1) dates back to 1995 and has been known to be vulnerable to theoretical attacks since 2005. The U.S. National Institute of Standards and Technology has banned the use of SHA-1 by U.S. federal agencies since 2010, and digital certificate authorities have not been allowed to issue SHA-1-signed certificates since Jan. 1, 2016, although some exemptions have been made—for example, for outdated payment terminals.
A hash function like SHA-1 is used to calculate an alphanumeric string that serves as the cryptographic representation of a file or a piece of data. This is called a digest and can serve as a digital signature. It is supposed to be unique and non-reversible.
In February, researchers from Google and CWI (Centrum Wiskunde & Informatica, a math research center in The Netherlands) have proved the first practical collision attack against SHA-1, producing two PDF files with the same SHA-1 digest. This proved without a doubt that the aging hashing function is effectively broken and should not be used for sensitive applications.
Browser vendors have planned since 2015 to flag SHA-1 certificates as insecure and block them. Google Chrome and Mozilla Firefox used a staged approach: Since early 2016 the browsers blocked SHA-1 certificates issued after Jan. 1, 2016 and since January this year they started blocking all existing SHA-1 certificates, including old ones that have long validity periods.
Chrome version 56, released in January, started blocking all SHA-1 certificates that chain back to publicly trusted certificate authorities. In version 57 it also started blocking SHA-1 certificates that chain back to a local root CA. However, it provides a policy mechanism for organizations to disable this restriction. That’s because enterprises might run their own internal certificate infrastructures that rely on self-generated SHA-1 root certificates and cannot easily replace them due to legacy systems that don’t support newer hashing functions like SHA-2.
The ban on SHA-1 certificates introduced Tuesday in IE and Edge will only impact certificates that chain to a root certificate in the Microsoft Trusted Root Program, Microsoft said in a security advisory.
Enterprise and self-signed SHA-1 certificates will not be affected for now, but Microsoft’s long term plan is to phase out SHA-1 from all usages in Windows, including the function’s use for verifying the integrity of downloaded files.