2 Replies
      Latest reply: Oct 13, 2016 7:49 AM by sylvainfromnantes RSS
      sylvainfromnantes Level 1 Level 1 (0 points)

        Hi all,

         

        Does anyone knows if, when and how Safari will deprecate SHA-1 algorithm for websites?

         

        With Sierra update, I noticed that SHA-1 signed certificates websites already appears as insecure (no locker in URL bar).

         

        Will this policy be enforced by completly blocking access to theses websites, starting January 2017 like with Chrome or Firefox?

         

        In the Sierra 10.12 release notes (https://developer.apple.com/library/content/releasenotes/MacOSX/WhatsNewInOSX/Articles/OSXv10.html), under 'Security and Privacy Enhancements' topic, I can read :

        'SSLv3 cryptographic protocol and the RC4 symmetric cipher suite are no longer supported, starting at the end of 2016. It's recommended that you stop using the SHA-1 and 3DES cryptographic algorithms as soon as possible.'

         

        Stopping SHA-1 seems to be recommended but not mandatory... until when?

         

        Thanks for all your answers,

         

        Regards,

         

        Sylvain