Akamai on Wednesday announced that as of Dec 27, 2016 it will no longer support SHA-1 certificates, after only handing out SHA-256 certificates for a period of time starting Nov. 3.
Last year, a team of security researchers demonstrated that the cost of breaking the SHA1 cryptographic hash function is much lower than previously believed, and tech companies decided to act upon that fast. As a result, Google, Mozilla and Microsoft announced plans to retire SHA-1 in their browsers. Firefox will soon display an error message when encountering SHA-1 certificates.
As of Jan. 1, 2016, most Certificate Authorities no longer issue SHA-1 certificates and the move away from the insecure standard is expected to be completed by Jan. 1, 2017. And with Chrome, Firefox, Internet Explorer and Edge also killing support for the hash function, the only obvious step is to follow suit, Erik Nygren, Fellow and Chief Architect in the Akamai Platform, notes.
Akamai switched to RSA SHA-256 certificates in early 2015 and now says that over 95% of the customer certificates served on Akamai's Secure CDN have moved to RSA SHA-256. Even so, custom clients or applications that break when the SHA-1 certificate rotates into a SHA-256 certificate continue to emerge, and available options are limited, Nygren says.
One issue that could emerge from the sunset of SHA-1 in browsers is user’s inability to access their preferred websites, provided that these didn’t transition away from SSL certificates using the SHA-1 cryptographic hash function. Thus, companies such as Facebook, CloudFlare, and even Twitter called for a delay in moving away from SHA-1 certificates.
Akamai too has been “trying to stretch out SHA-1 support as far as safely possible,” Nygren notes, especially since the company still sees a significant number of handshakes completing and using SHA-1. Handing out SHA-1 will cease being possible at the end of 2016, because it would involve serving an expired or invalid certificate to clients (although they might not support SHA-256, they are likely to display an error when encountering an expired certificate).
“To avoid making the change to our shared certificate on New Year's Eve, we will be shutting off the SHA-1 certificate, and will always hand out an RSA SHA-256 or ECDSA SHA-256 certificate, on or around December 27. Additionally, on November 3, we will be only handing out SHA-256 certificates for a period of time. The goal is to help customers identify a dependance on SHA-1 and give them time to make changes ahead of end-of-year freezes,” Nygren says.
Some companies might have a local CA root signing certificate for internal sites, but they too are advised to make sure that SHA-1 certs are no longer in use. While some browsers might have exceptions for these locally installed CA roots, others don’t. Chrome, for example, will return a fatal network error even in these cases.
At this point, the industry is determined to sunset SHA-1 at the end of 2016/beginning of 2017, yet SHA-1 root certificates that perform signatures with SHA-256 will continue to work. “This is because the risk exposure is around performing signatures over a hash function where two certificate inputs can be readily found that hash to the same value,” Nygren explains.
He also notes that all site admins should make sure that they have rotated over to using SHA-256 certificates before the end of the year draws nearer. Applications or devices relying on Akamai's shared certificate should be tested for handling SHA-256 certificates, so that no disruption appears when Akamai drops SHA-1 support.
Related: New Collision Attack Lowers Cost of Breaking SHA1