Google has announced a two-step plan by which it intends to discontinue support for SHA-1 certificates over the course of the next year.
Researchers Lucas Garron (Chrome security) and David Benjamin (Chrome networking) articulate the Alphabet subsidiary’s reasoning in a blog post published last Friday:
“As announced last September and supported by further recent research, Google Chrome does not treat SHA-1 certificates as secure anymore, and will completely stop supporting them over the next year,” the post begins. “Chrome will discontinue support in two steps: first, blocking new SHA-1 certificates; and second, blocking all SHA-1 certificates.”
As Peter Bright of Ars Technica notes, faster computing times have led to a drop in the cost of creating fraudulent certificates that use the SHA-1 hashing algorithm. Estimates back in 2012 originally predicted that such certificates would be cheap to forge by the beginning of 2018. However, newer research suggests that the costs could drop well before then, a finding which has led Google to announce its two-step plan.
Under the first step, Google will welcome 2016 by having a certificate error display in Chrome version 46 if a leaf certificate is signed with a SHA-1-based signature, is issued on or after January 1, 2016, and chains to a public CA.
Later in 2016, after Google releases a new version of Chrome, a similar error will be displayed for leaf certificates that contain an intermediate or leaf certificate signed with a SHA-1-based signature, contain an intermediate or leaf certificate issued on or after January 1, 2016, and chain to a public CA.
The second step of Google’s plan involves a little more drastic action:
“Starting January 1, 2017 at the latest, Chrome will completely stop supporting SHA-1 certificates,” Garron and Benjamin explain. “At this point, sites that have a SHA-1-based signature as part of the certificate chain (not including the self-signature on the root certificate) will trigger a fatal network error. This includes certificate chains that end in a local trust anchor as well as those that end at a public CA.”
The duo does note, however, that Google could move this date up to July 1 of next year.
In light of all of these changes, site operators are urged to make sure that their servers use SHA-2 certificates and follow TLS best practices. Google also advises that operators support non-RC4 cipher suites, as Google (along with Microsoft Edge and Mozilla) intend to end support their support of these suites for TLS connections in the next few years.
Meanwhile, providers of threat intelligence are urged to generate multiple hash types, including SHA-1, for every file of intelligence they create. David Meltzer of Tripwire explains more here.