Submitted via IRC for TheMightyBuzzard
"Beginning May 9, 2017, Microsoft released updates to Microsoft Edge and Internet Explorer 11 to block sites that are protected with a SHA-1 certificate from loading and to display an invalid certificate warning," the company announced.
The change, however, impacts only SHA-1 certificates that chain to a root in the Microsoft Trusted Root Program where the end-entity certificate or the issuing intermediate uses SHA-1. This means that enterprises or self-signed SHA-1 certificates won't be affected by this. They are, however, encouraged to migrate to SHA-2 based certificates as fast as possible.
"Microsoft recommends that all customers migrate to SHA-2, and the use of SHA-1 as a hashing algorithm for signing purposes is discouraged and is no longer a best practice. The root cause of the problem is a known weakness of the SHA-1 hashing algorithm that exposes it to collision attacks. Such attacks could allow an attacker to generate additional certificates that have the same digital signature as an original," the company notes.
Source: Microsoft Kills SHA-1 Support in Edge, Internet Explorer 11
(Score: 4, Funny) by julian on Saturday May 13 2017, @08:50AM
Both users of Edge unreachable for comment.