Colin Simning

SHA-1 Deprecation Schedule for Chrome

Blog Post created by Colin Simning Employee on Nov 5, 2014

As most people are probably aware, Google recently announced plans to quickly deprecate SHA-1 signed certs and prefer SHA-2 signed certs in upcoming versions of Chrome. This transition will be a multi-step process that takes place as Google releases the next three versions of Chrome, with each successive version considering SHA-1 signed certificates with specific expiration date ranges to be increasingly insecure.


The good news is that Akamai can support serving SHA-256 signed certificates, so it's a matter of assessing if and when current SHA-1 certs will be affected by the transition. Below are some details that show Google's schedule and its effects on the address bar icons.

 

There are 4 categories that Chrome uses when assessing a certificate and they have corresponding icons in the address bar:

 

1. fully secure (icon: Green Lock.gif)

2. secure, but with minor errors (icon: secure_minor errors.png)

3. neutral, lacking security (icon: neutral.png)

4. affirmatively insecure (icon: insecure.png)

 

Below is a chart of the schedule based on the release version and how Chrome will treat SHA-1 signed certs based on their expiration date.

[Chart image: Screen Shot 2014-11-05 at 9.23.41 PM.png]
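To assess whether a given chain is affected, the schedule can be written as a small check. This is an added example, not code from the original post or from Google; the version and date thresholds are the ones published in Google's announcement linked under the external links, and the function names and sample chain are constructed for illustration.

```python
from datetime import date

# The four indicator categories named in this post.
SECURE = "fully secure"
MINOR = "secure, but with minor errors"
NEUTRAL = "neutral, lacking security"
INSECURE = "affirmatively insecure"
CUTOFF_2017 = date(2017, 1, 1)

# Chrome version -> (earliest leaf expiry shown with "minor errors",
#                    category for leaves expiring on or after 2017-01-01).
# Dates as published in Google's announcement linked from this post.
SCHEDULE = {
    39: (date(2017, 1, 1), MINOR),
    40: (date(2016, 6, 1), NEUTRAL),
    41: (date(2016, 1, 1), INSECURE),
}

def chain_uses_sha1(chain):
    """chain: [(signature_algorithm, not_after), ...], leaf first, root last.
    The root's own signature is skipped: trust anchors are trusted by
    identity, not by the hash in their self-signature.
    """
    return any("sha1" in alg.lower() for alg, _ in chain[:-1])

def chrome_treatment(version, chain):
    """Return the category Chrome 39-41 assigns for SHA-1 reasons alone."""
    if version not in SCHEDULE:
        raise ValueError("only Chrome 39, 40 and 41 are modelled")
    minor_from, late_category = SCHEDULE[version]
    leaf_expiry = chain[0][1]  # only the end-entity expiry date matters
    if not chain_uses_sha1(chain):
        return SECURE
    if leaf_expiry >= CUTOFF_2017:
        return late_category
    if leaf_expiry >= minor_from:
        return MINOR
    return SECURE

# Constructed sample chain (not a real site): SHA-1 leaf and intermediate.
SAMPLE_CHAIN = [
    ("sha1WithRSAEncryption", date(2016, 8, 15)),   # leaf
    ("sha1WithRSAEncryption", date(2020, 5, 30)),   # intermediate
    ("sha1WithRSAEncryption", date(2028, 1, 1)),    # root (ignored)
]

if __name__ == "__main__":
    for v in sorted(SCHEDULE):
        print(v, chrome_treatment(v, SAMPLE_CHAIN))
```

The signature algorithm and expiry date for each certificate can be read from `openssl x509 -noout -text` output and fed in as the tuples above.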

 

It's worth noting that both Firefox and Internet Explorer will also eventually be phasing out SHA-1 in favor of SHA-2 in the not-too-distant future.

 

Here are some external links that may be helpful:

Google’s Online Security Blog Announcement: http://googleonlinesecurity.blogspot.com/2014/09/gradually-sunsetting-sha-1.html

Detailed Summary of Browsers, OSs, servers, etc. that support SHA-2: https://support.globalsign.com/customer/portal/articles/1499561-sha-256-compatibility

Mozilla’s SHA-1 Phase Out Plan: https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/

Microsoft’s SHA-1 Phase Out Plan: http://blogs.technet.com/b/pki/archive/2013/11/12/sha1-deprecation-policy.aspx
