New SSL Certificates, SHA256, and Backwards Incompatibility: What to Do?
“Thanks to Google,” web sites around the world are updating their SSL certificates to use a newer “hashing” algorithm called “SHA256”. Indeed, all new SSL certificates that LuxSci obtains for its customers will use SHA256, going forward (unless you don’t want that).
Read on to discover why this change is happening, what it means, why everyone is upset with Google for forcing the issue, and what your options are.
What’s the problem?
SHA1 is a method for making digital signatures and is used in the SSL certificates by most sites on the web. There is currently no security issue with SHA1 and computer power is not expected to be sufficient to “crack” SHA1 until sometime in the 2020s. In fact, Microsoft has stated, and the Internet community has agreed back in 2013, that it should be phased out by 2017 … well before the danger zone and giving folks plenty of time to transition.
Note: There is currently no known issue with SHA1 or any expectation that it is vulnerable or can be compromised now.
What is Google Doing?
Google, for unstated reasons (other than that they think SHA1 is insecure) has decided to force people to update to SHA1’s successor: “SHA256”. Its doing this though the Google Chrome browser.
- Starting in November, 2014, users of the most recent version of Chrome who visit web sites which use SHA1 certificates that expire on or after 7/2016, will see the secure “Lock” symbol have a yellow triangle indicating that the site is not really secure (even though that is not true).
- Starting in November, 2014, similar users visiting sites using SHA1 certificates that expire after 1/1/2017, will show those sites as being completely insecure (e.g. a red address bar).
- Starting in January, 2015, users of the most recent version of Chrome who visit web sites which use SHA1 certificates that expire on or after 1/1//2016, will see the secure “Lock” symbol have a yellow triangle indicating that the site is not really secure (even though that is not true).
So, Google is using Chrome to tell end users that a site is secure or insecure based on when that site’s SSL certificate expires. Two sites, both using SHA1 and otherwise identical — one will look fine and one will look “insecure” based only on the “insecure” site having a certificate that expires further in the future.
This is blatantly lying to end users and causes confusion in what is “secure” or not via the browser. Further clouding the issue is the fact that Google uses SHA1-based certificates pervasively across its infrastructure currently (and these all expire in 3 months and are auto-replaced with new 3-month certificates, so they are not affected by their own warning labels). A bit of a double standard.
Why is Google Doing This?
Google’s stated purpose is to create a “slow emergency” and to force the Internet to update to the more secure SHA256 version sooner rather than later. They don’t want what happened with MD5 to happen to SHA1 (with MD5, a vulnerability was found while everyone was still using it and everyone had to scramble to update).
However, Google announced this in August and that gave everyone only 90 days to get their SSL certificates in shape. This is the real problem. 90 days is really, really short notice, especially for companies with 1000s of certificates to update.
Another possibility is that Google “knows something” it can’t talk about. E.g. maybe it knows of a problem with SHA1 and its trying to force everyone to update without revealing the problem. This is conceivable, but less likely especially considering the fact that Google is still using SHA1 across all of its servers.
So, its very unclear why Google is forcing this with such a short timeline. The Internet community is very unhappy with Google for doing this … and for doing it right before the Holiday online shopping season as well!
What is the Down Side of Upgrading to SHA256?
So, fine, we need to make sure our certificates that expire in 2016 or later are using SHA256. This means we either get new certificates now for ones that are in use and which are expiring then, or we get SHA256 when we next renew. The first is annoying as we are forced to update things “now” rather than waiting for the normal update time… The latter is no big deal.
But there is somewhat serious a catch.
SHA256 is not supported by Computers running Windows 2000 or Windows XP before Service pack 3. So, folks using Internet Explorer 6, 7 or 8 on Windows XP who have not updated to SP3 can’t use SHA256.
What does that mean? It means that if you update to an SSL certificate with SHA256, then any of these folks that tries to visit your secure web page will completely fail to load the page as they will not be able to do the encryption.
Sure, support for Windows XP SP2 ended 4 years ago, support for Windows XP altogether ended in April. People “should not be using” XP and if they do … they have pretty serious security issues to worry about. However, lots of people still are. We note that as of September, 23% of desktops still use Windows XP … and probably a significant fraction of those are not up to SP3 yet.
So do you choose the rock or the hard place?
- Update to SHA256 so you look secure in modern Google Chrome, or
- Keep using SHA1 for the time being since its “fine” and keep compatibility with old XP visitors
This problem is made worse by Google’s move earlier this year “forcing” web sites to use SSL for all web pages in order to maximize their ranking in search engines. For sites that now use SSL pervasively, SSL-compatibility is even more critical.
Recommended Choice for Maximum Compatibility
If you are concerned about compatibility with Windows XP folks and your current certificate expires in 2016 or later or early in 2015 (or if you are thinking of buying a new certificate), then you should purchase a NEW 1-year certificate using SHA1 and have it issued BEFORE 12/31/2014.
This will ensure that it is compatible with everyone, will not cause warnings in Chrome, and will defer this XP compatibility issue by 1 year when hopefully, hopefully, there will be many fewer XP users and you will have a much better case for cutting them off (and they will have had a lot of warning and chance to move on).
What LuxSci is Doing
Most of our customers get 1-year long certificates. These are all still unaffected by Chrome’s changes (as they expire before 2016). It is only new 1-year certificates and renewals made after 1/1/2015 that will be affected if SHA1 is used.
LuxSci is issuing all new SSL certificates using SHA256. If you want one that uses SHA1, please ask explicitly.
If you have an SHA256 certificate and decide that you want to switch back to SHA1, LuxSci can re-issue your certificate for you at no additional cost … though this can take a few days (as the certificate has to be re-submitted, re-verified by you, and re-installed).
LuxSci itself will be following the Maximum Compatibility guidelines, above…. paying extra to make sure that our users can access our sites.