Submitted via IRC for TheMightyBuzzard
Starting with Chrome 56, planned to be released to the wider public at the end of January 2017, Google will remove support for SHA-1 certificates.
"The SHA-1 cryptographic hash algorithm first showed signs of weakness over eleven years ago and recent research points to the imminent possibility of attacks that could directly impact the integrity of the Web PKI," Chrome Security team member Andrew Whalley explained.
“Website operators are urged to check for the use of SHA-1 certificates and immediately contact their CA for a SHA-256 [i.e. SHA-2] based replacement if any are found,” he advised.
Certificate Authorities stopped issuing SHA-1 signed SSL/TLS certificates on January 1, 2016, but some of them are still valid.
Source: https://www.helpnetsecurity.com/2016/11/17/browsers-stop-sha-1-certificates/
(Score: 1) by manyon on Saturday November 19 2016, @12:37AM
popular browser hey, so i'll be okay as i use internet explorer :-)