1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SHA-1 cutoff could block millions of users from encrypted websites

Discussion in 'CSO' started by RSS, Dec 10, 2015.

  1. RSS

    RSS New Member Member

    Millions of Web users could be left unable to access websites over the HTTPS protocol if those websites only use digital certificates signed with the SHA-2 hashing algorithm.

    The warning comes from Facebook and CloudFlare as browser makers are considering an accelerated retirement of the older and increasingly vulnerable SHA-1 function.

    The two companies have put mechanisms in place to serve SHA-1 certificates from their websites to old browsers and operating systems that don't support SHA-2, but are still widely used in some regions of the world.

    These include Windows versions older than Windows XP with Service Pack 3, Android versions older than 2.3 (Gingerbread) and any applications that rely on OpenSSL 0.9.8 for encrypted communications.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page