Jump to content

Google's SHA-1 Deprecation

Recommended Posts

Jeez. Over a month old and this is the first I've heared about it.

Forwarded it to our security officer with the suggestion to do some sort of audit on our servers, make sure none of those are in use anymore.

Naively I would think that so long as you don't re-encrypt on your proxy (MITM your network wrt HTTPS traffic) this shouldn't be a biggie. But then, I'm just a dev.

Edited by Cooper
Link to comment
Share on other sites

We're creating new certificates for all our public facing systems using SHA256. Our external CA company is letting us do this for free, so I'd imagine most of the big ones are too. Aside from the actual weakness in SHA1, the big issue is the drop in confidence visitors using Chrome may have in your site when they see the warnings.

Internally, depending on your circumstances (what are you using internal certs for, do your users use Chrome), it may be less of an immediate issue.

You can check what algorithm your certs use in the details tab, or check your SSL sites using an online checker: https://ssltools.websecurity.symantec.com/checker/views/certCheck.jsp

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...