SSL certificates: SHA-1 deprecation

September 16th, 2014 by

We’ve been asked a few times recently about the announcement from the developers of the Chrome browser concerning SHA-1 deprecation. This post gives some background, and answers the most common questions. If you’re in a hurry: don’t panic! Mythic Beasts has got you covered.

What’s it all about? For an SSL certificate to be trusted by browsers around the world, it needs to be digitally signed by a well-known and trusted body, called a Certification Authority or CA. (For the SSL certificates that we sell, the CA is usually GeoTrust.) When a certificate is issued, the CA takes the details of your certificate (most notably the address of your website, and the public half of your crypto key) and digitally signs them. When a user browses to your site, their browser receives your signed certificate and checks the CA’s signature on it to be certain that it is talking securely to the right site.

Except… the CA doesn’t actually sign all the data in the certificate. It first passes it through a cryptographic hash function, which securely reduces the data to a small fingerprint, and then it signs that. Currently, the hash function most commonly used in SSL certificates is SHA-1. This is going to change over the next couple of years.

What’s wrong with SHA-1? Cryptographic hash functions become weaker over time, as Moore’s law makes computers ever faster, and cryptologists discover flaws in the algorithm. A significant flaw in SHA-1 was first published back in 2005, and it is now believed that it may be feasible to find a SHA-1 collision by 2018 or sooner.

Is there an alternative? Yes! SHA-2 (also known as SHA-256) is already implemented in all major browsers. However, because of the nature of the problem, every SSL certificate needs to be upgraded, so we can tell browsers to stop accepting SHA-1 signed certificates. Note that SHA-1 has not yet been “broken”, and while weakened, it is still strong enough for the time being. However, for a smooth transition to SHA-2, we need to start now.

What’s the Google announcement? Although this has generated a lot of discussion, it doesn’t actually say very much that’s new. Microsoft announced in November 2013 that they will not accept SHA-1 signed certificates after 2016. The Chrome developers have recently confirmed that they will do the same, and have filled in some details for a hopefully smooth transition.

Rather than having a single cut-off date, Chrome will be gradually ratcheting up the level of warnings. SHA-1 certificates with an expiry date in 2017 or later will start to receive the “yellow triangle” warning in the browser address bar later this year. Of course, the connection is still encrypted, but this is a clear indication to users, and hopefully the site administrators too, that something is amiss.


By the middle of next year, if those sites are still running with a SHA-1 certificate that lasts into 2017, the warning will be upgraded to a red cross, making it crystal clear to all concerned that action is needed.


For SHA-1 certificates that have an expiry date in 2016, the situation is not so serious. Sites with these certificates will start to receive yellow triangle warnings next year, but the warning won’t be escalated beyond that. In both cases, only the security icon will be changed; there will be no click-through warnings. This move, which is also supported by Mozilla and Opera, is forcing the hand of the CAs, and much misinformation has been spread about it.
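
The warning tiers described above can be checked against a certificate with openssl. This is an added example, not code from Mythic Beasts or the Chrome developers; the function names and result labels are illustrative, and it inspects only the single certificate file it is given.

```shell
# Added example: classify one certificate against the Chrome SHA-1 schedule
# summarised in this post. Function names and result labels are illustrative.

# chrome_sha1_status SIGALG EXPIRY_YEAR
#   SHA-1, expiring 2017 or later -> yellow triangle, later upgraded to red cross
#   SHA-1, expiring in 2016       -> yellow triangle, not escalated
#   anything else                 -> no SHA-1 warning
chrome_sha1_status() {
    sigalg=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    year=$2
    case "$sigalg" in
        *sha1*) ;;                          # sha1WithRSAEncryption, ecdsa-with-SHA1, ...
        *) echo "no-sha1-warning"; return 0 ;;
    esac
    if [ "$year" -ge 2017 ]; then
        echo "yellow-triangle-then-red-cross"
    elif [ "$year" -eq 2016 ]; then
        echo "yellow-triangle"
    else
        echo "no-sha1-warning"
    fi
}

# Read `openssl x509 -noout -text` output on stdin; print the signature algorithm.
sigalg_from_text() {
    sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# "notAfter=Sep 16 12:00:00 2017 GMT" -> "2017"
year_from_enddate() {
    printf '%s\n' "$1" | awk '{ print $(NF-1) }'
}

# check_cert FILE: FILE is a PEM certificate (a hypothetical path such as server.crt).
check_cert() {
    text=$(openssl x509 -in "$1" -noout -text) || return 2
    end=$(openssl x509 -in "$1" -noout -enddate) || return 2
    chrome_sha1_status "$(printf '%s\n' "$text" | sigalg_from_text)" \
                       "$(year_from_enddate "$end")"
}
```

Run `check_cert server.crt` on the certificate your server presents; a result other than `no-sha1-warning` means the certificate should be reissued with a SHA-2 signature.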

Is my certificate OK? Yes. Almost all* certificates issued by Mythic Beasts have only a 1 year expiry, so your current certificate will not trigger any warnings from Chrome, or any other browser.

*Very occasionally we do issue certificates for longer than 1 year; we’ve checked the issue dates for all these, and are in contact with all affected customers to reissue their certificates.

And then…? We already have a process in place for issuing SHA-2 certificates and renewals. It’s currently a bit more fiddly than we’d like (in fact, it involves obtaining a SHA-1 certificate and then reissuing it as SHA-2!), but we will be trying to make this slicker over the next few weeks. In any case, after October 2014, we will only be issuing SHA-2 certificates.