Protect Chrome users from attackers who might use the broken SHA-1 hash algorithm to obtain counterfeit website authentication certificates.

Documentation

• https://security.googleblog.com/2014/09/gradually-sunsetting-sha-1.html
• https://security.googleblog.com/2015/12/an-update-on-sha-1-certificates-in.html
• https://sites.google.com/a/chromium.org/dev/Home/chromium-security/education/tls/sha-1

Status in Chromium

Blink components: Internals>Network>Certificate

Removed (tracking bug) in:

• Chrome for desktop release 56
• Chrome for Android release 56
• Android WebView release 56

Consensus & Standardization

• Firefox: Positive
• Edge: Positive
• Safari: In development
• Web Developers: No signals

Owners

• awhalley@chromium.org
• rsleevi@chromium.org

Last updated on 2020-11-09