Stop Trusting SHA-1 Certificates (removed)

Protect Chrome users from attackers who might use the broken SHA-1 hash algorithm to obtain counterfeit website authentication certificates.

Documentation

• https://security.googleblog.com/2014/09/gradually-sunsetting-sha-1.html
• https://security.googleblog.com/2015/12/an-update-on-sha-1-certificates-in.html
• https://sites.google.com/a/chromium.org/dev/Home/chromium-security/education/tls/sha-1

Status in Chromium

Blink components: Internals>Network>Certificate

Removed (tracking bug) in:

• Chrome for desktop release 56
• Chrome for Android release 56
• Android WebView release 56
• Opera release 43
• Opera for Android release 43

Consensus & Standardization

• Firefox: Public support
• Edge: Public support
• Safari: In development
• Web Developers: No signals

Owners

• awhalley@chromium.org
• rsleevi@chromium.org

Last updated on 2017-06-14