Yes, it’s time to add on another post about SSL certificates. I suppose I could have gone back through all of the posts and corrected the titles to “Part x of 4,” but, in the spirit of Douglas Adams, whose book Mostly Harmless was advertised as “the fifth book in the increasingly inaccurately named Hitchhiker Trilogy,” I decided to let it stand.
This post is about something that may affect you in the next 30 days or so…or may have already started affecting you.
Back in Part 2 of the series, we talked about how your computer determines whether an SSL certificate is valid. Certificates are “signed” by treating the contents of the certificate as a big binary number (which is how your PC sees it anyway) and running a particular mathematical algorithm on it. Traditionally, that algorithm was “SHA-1,” and its output is called a “hash value.” A hash value is useful for this purpose because (1) it is computationally infeasible, at least in theory, to work the algorithm backwards – in other words, you can’t start with the hash value and figure out what the original number was that produced it, and (2) it is likewise infeasible to alter the original number without also altering the hash value. So, as we explained in the earlier post, the certificate is signed by running the SHA-1 algorithm on the contents of the certificate and then encrypting the resulting hash value with the private key of the next higher certificate in the chain of trust. To validate the signature, your PC runs the same SHA-1 algorithm on the contents of the certificate to get a hash value. It then decrypts the encrypted hash value that was transmitted with the certificate using the public key of the next higher certificate in the chain of trust, and compares the two hash values. If they match, the signature is valid.
But the world of computing moves on. Computers keep getting faster and more powerful, and so are better able to execute “brute force” attacks (which consist of simply trying every possible value until one works) and to exploit certain mathematical weaknesses that have been identified in the SHA-1 algorithm. For this reason, the world is moving to certificates signed using the SHA-2 algorithm (technically, in most cases we’re talking specifically about SHA256, a member of the SHA-2 family of algorithms), which generates a 256-bit hash value as opposed to the 160-bit output of SHA-1.
“So what?” you say. How does that affect you and why should you care?
You should care because the major browser vendors are going to stop supporting certificates signed with SHA-1. Already, Firefox and Chrome will give an “untrusted connection” certificate error if you try to connect to a site with a SHA-1 certificate. Likewise with Microsoft Edge and IE v11 – but Microsoft is going to go further and actually block SHA-1 certificates. This was supposed to happen as part of the February 14 “Patch Tuesday” updates, but Microsoft recently announced that the updates scheduled for February 14 will instead be delivered as part of the March “Patch Tuesday” updates, so you’ve got another month to go. Last I heard, Safari had not specifically announced a “drop-dead” date for when they would begin considering SHA-1 certificates as insecure, but you can bet it will be soon.
It is worth noting that, at the moment, this deprecation affects certificates that chain up to a root certificate that is part of the respective browser manufacturer’s “trusted root certificate” program. Certificates that are manually imported or issued by a private corporate certificate authority should continue to work.
As a consumer, this probably won’t affect you very much, although you may see certificate warnings pop up if you visit sites that haven’t updated their certificates…and at least you now know why you’re getting the warnings and can decide whether to override them. But if you’re a business – particularly if you’re doing any kind of e-commerce – the last thing in the world you want is for your customers to come to your Web storefront and get a warning that your site is potentially not secure. If you’re lucky, and they happen to be followers of this blog, perhaps they’ll recognize what’s going on, and do business with you anyway…but don’t bet on it. (I’d love to be that influential, but the fact is that I’m not.)
The takeaway is that if you use commercially obtained SSL certificates in your business, you need to inventory them and make sure that you update any older SHA-1 certificates to the newer SHA256 certificates.
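As an added example (not code from the original post), here is a small Python script for that inventory step: it reads the signatureAlgorithm identifier straight out of a DER-encoded certificate, which is the field that records which hash the signing process described above used, and flags SHA-1. The two sample certificates at the bottom are constructed stand-ins with an empty body, not real certificates; check_host fetches a real leaf certificate from a live server.

```python
import ssl

# Signature-algorithm OIDs and the hash function each one implies.
SIG_ALGS = {
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", "SHA-1"),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", "SHA-256"),
}

def _tlv(buf, pos):
    """Decode one DER tag-length-value at pos: (tag, contents, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                     # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(raw):
    """Turn OBJECT IDENTIFIER contents into dotted-decimal form."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                  # last base-128 digit of this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_hash(der):
    """Return (oid, algorithm name, hash) from the outer signatureAlgorithm."""
    _, cert, _ = _tlv(der, 0)             # Certificate ::= SEQUENCE
    _, _, pos = _tlv(cert, 0)             # skip tbsCertificate
    _, sig_alg, _ = _tlv(cert, pos)       # signatureAlgorithm ::= SEQUENCE
    _, oid_bytes, _ = _tlv(sig_alg, 0)    # its first element is the OID
    oid = _decode_oid(oid_bytes)
    return (oid,) + SIG_ALGS.get(oid, ("unknown", "unknown"))

def needs_replacement(der):
    return signature_hash(der)[2] == "SHA-1"

def check_host(host, port=443):
    """Fetch a live server's leaf certificate and classify it."""
    pem = ssl.get_server_certificate((host, port))
    return signature_hash(ssl.PEM_cert_to_DER_cert(pem))

def _fake_cert(oid_bytes):
    """Constructed stand-in: empty tbsCertificate, real OID, empty signature."""
    sig_alg = b"\x06" + bytes([len(oid_bytes)]) + oid_bytes + b"\x05\x00"
    body = b"\x30\x00\x30" + bytes([len(sig_alg)]) + sig_alg + b"\x03\x01\x00"
    return b"\x30" + bytes([len(body)]) + body

SHA1_CERT = _fake_cert(b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05")
SHA256_CERT = _fake_cert(b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b")
```

Run it against every certificate the server sends, not just the leaf: the self-signed root is exempt from the deprecation because its signature is never verified, but a SHA-1 intermediate trips the same warning.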
Here are some more Web resources for you:
- Microsoft’s statement on SHA-1 deprecation: https://blogs.windows.com/msedgedev/2016/04/29/sha1-deprecation-roadmap/
- Google’s statement on SHA-1 deprecation: https://security.googleblog.com/2014/09/gradually-sunsetting-sha-1.html
- Mozilla’s statement on SHA-1 deprecation: https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/
- A helpful InfoWorld article on the SHA-1 deprecation issue