theGANOUSH Posted October 9, 2014 Share Posted October 9, 2014 Hello: Does anyone have any opinions and strategies for this upcoming change? http://blog.chromium.org/2014/09/gradually-sunsetting-sha-1.html Quote Link to comment Share on other sites More sharing options...
cooper Posted October 9, 2014 Share Posted October 9, 2014 (edited) Jeez. Over a month old and this is the first I've heared about it. Forwarded it to our security officer with the suggestion to do some sort of audit on our servers, make sure none of those are in use anymore. Naively I would think that so long as you don't re-encrypt on your proxy (MITM your network wrt HTTPS traffic) this shouldn't be a biggie. But then, I'm just a dev. Edited October 9, 2014 by Cooper Quote Link to comment Share on other sites More sharing options...
Dec100 Posted October 10, 2014 Share Posted October 10, 2014 We're creating new certificates for all our public facing systems using SHA256. Our external CA company is letting us do this for free, so I'd imagine most of the big ones are too. Aside from the actual weakness in SHA1, the big issue is the drop in confidence visitors using Chrome may have in your site when they see the warnings. Internally, depending on your circumstances (what are you using internal certs for, do your users use Chrome), it may be less of an immediate issue. You can check what algorithm your certs use in the details tab, or check your SSL sites using an online checker: https://ssltools.websecurity.symantec.com/checker/views/certCheck.jsp Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.