The end of SHA-1 on the Public Web
Published 2017-02-23 originally at Mozilla's Security Blog and cross-posted here.
Our deprecation plan for the SHA-1 algorithm in the public Web, first announced in 2015, is drawing to a close. Today a team of researchers from CWI Amsterdam and Google revealed the first practical collision for SHA-1, affirming the insecurity of the algorithm and reinforcing our judgment that it must be retired from security use on the Web.
As announced last fall, we’ve been disabling SHA-1 for increasing numbers of Firefox users since the release of Firefox 51 using a gradual phase-in technique. Tomorrow, this deprecation policy will reach all Firefox users. It is enabled by default in Firefox 52.
Phasing out SHA-1 in Firefox will affect people accessing websites that have not yet migrated to SHA-2 certificates, well under 0.1% of Web traffic. In parallel to phasing out insecure cryptography from Firefox, we will continue our outreach efforts to help website operators use modern and secure HTTPS.
Users should always make sure to update to the latest version of Firefox for the most-recent security updates and features by going to https://www.mozilla.org/firefox.
Questions about Mozilla policies related to SHA-1 based certificates should be directed to the mozilla.dev.security.policy forum.