SHA-1 To Be Depreciated In Chrome
Google® plans to deprecate SHA-1 in a unique way on upcoming releases of Chrome starting with version 39. Considerably different from Microsoft’s plans that were announced in November 2013, Google® plans on placing visual marks or placing a block within the browser; all based on the version of the browser, date of use and the SSL Certificate expiration date.
Important Facts
SHA-1 is still safe to use, but critics say its long term ability to stand up to collision attacks is questionable.
SHA-2 is the next hashing algorithm to be used. If your end entity or intermediate SSL Certificates are SHA-1, it might be a good idea to exchange them now.
This is an industry wide issue and affects all Certification Authorities.
All SHA-1 end entity SSL Certificates and additionally any SHA-2 end entity SSL Certificates chaining up to an SHA-1 intermediate are affected. SHA-1 root certificates are not affected by either Microsoft’s or Google’s SHA-1 deprecation plan.
All SSL Certificates issued by Trustico® before 1 October 2014 were likely issued with the SHA-1 hashing algorithm. Trustico® offers free replacements for affected SSL Certificates with an expiry date beyond 1 January 2016.
SSL Certificates with an expiration date before 1 January 2016 are not affected and do not need to be replaced.
What We Expect To See With Future Chrome Releases
The guide below outlines Google's depreciation program via its Chrome browser. Release dates should be used as a guide only, however, any beta versions of Chrome 39, 40, 41 and beyond are affected immediately.
Chrome 39 (November 2014)
Any SHA-1 SSL Certificate, on a page, that expires on or after 1 January 2017 will be treated as "secure, but with minor errors". The lock within the address bar of the browser will have a yellow arrow over the lock as in this example provided by Google® :