You may have seen that SHA-1 (Secure Hash Algorithm) is being phased out, and this is a good thing generally. SHA-1 is becoming dangerously weak and is pretty old now so it’s time for a replacement.
“Microsoft and Google announced SHA-1 deprecation plans that may affect websites with SHA-1 certificates expiring as early as after December 31, 2015.”
At the time of writing apparently 90% of Websites using SSL are using SHA-1. So, say hello to SHA-2 which is now very widely supported, notably:
- Chrome 26+
- Firefox 1.5+
- Internet Explorer 6+ (With XP SP3+)
- Konqueror 3.5.6+
- Mozilla 1.4+
- Netscape 7.1+
- Opera 9.0+
- Safari 3+
Firstly, how to check what SSL you have. You can either click on the certificate and look into the certificate details or you can use these sites:
I tend to lean towards 123-reg for cheap and cheerful certificates, I found this article which suggest that SHA-2 is supplied 123-reg by by default. When I ran the “Reissue Certificate” command, SHA-2 was enabled by default. (I also confirmed this via Live Chat).
If you’re still using SHA-1 then it’s probably time to start acting on it – always be prepared.
At the time of writing these sites were still using SHA-1:
In fact, I found it tricky so find any none SHA-1 websites: