Mozilla strangling SHA-1

One does not simply turn off a once-ubiquitous part of the Internet's infrastructure, but Mozilla's taken another step towards eliminating the SHA-1 hash.

Its latest move in the incremental deprecation of the long-since-cracked SHA-1 is outlined here.

Early next year, any time Firefox sees an SHA-1 certificate chaining to a Mozilla CA root certificate, it will raise an “untrusted connection” error, forcing the user to click through to continue.

“SHA-1 certificates that chain up to a manually-imported root certificate, as specified by the user, will continue to be supported by default; this will continue allowing certain enterprise root use cases, though we strongly encourage everyone to migrate away from SHA-1 as quickly as possible”, writes J C Jones, who heads Mozilla's crypto engineering.

The policy will ship as an option in Firefox 51, due in January 2017. ®
