Why SHA-1 based SSL certificates should NOT be used anymore. Revoke old SHA-1 based certificates and get free SHA-2 ones! Here is why ...

All SSL certificates delivered by us are SHA-2 based by default since November 2014. Multiple browser vendors have alredy been showing warnings for websites that were still using old SHA-1 based certificates, after SHA-1 had been replaced.

Today, 10 years after of SHA-1 was first introduced, Google is announcing the first practical technique for generating a collision. The required computation power still is incredibly high, nevertheless it is another proof that replacing SHA-1 with SHA-2 signature algorithm for SSL certificates was about time.


  • Nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total
  • 6,500 years of CPU computation to complete the attack first phase
  • 110 years of GPU computation to complete the second phase

 

Starting from version 56, released in January 2017, Chrome will consider any website protected with a SHA-1 certificate as insecure. Firefox has deprecated SHA-1 as of February 24th, 2017.

If you are still using old SHA-1 certificates, please re-issue your certificate for free in order to get a new SHA-2 based one. - If you have got any questions, please don't hesitate to contact us!

Full Google article: https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html



Was this answer helpful?

 Print this Article

Also Read

PDF Dokumente mit Adobe Acrobat signieren (SMIME, S/MIME)

Um in Adobe Acrobat eine Signatur zu platzieren, klicken Sie auf Anzeige -> Werkzeuge ->...

PCI Compliance (Payment Card Industry Compliance

PCI stands for Payment Card Industry, data security standard and is defined by the PCI Security...

Check SSL security, installation and configuration

Feel free to use the collection of SSL tools we are providing to check your SSL configuration and...

Does InterSSL deliver SSL certificates for ECC (Elliptic Curve Cryptography) and ECDSA ?

Yes, all SSL certificates from COMODO also support ECC (Elliptic Curve Cryptography), to be more...

Perfect Forward Secrecy - Apache SSL/TLS Strong Encryption How-To

TL;DR: edit /etc/apache2/mods-enabled/ssl.conf and specify ciphers like this: # enable only...