19.5% of HTTPS sites trigger browser warning as they use SHA-1 signed certificates
19.5% of HTTPS-enabled sites in Alexa's Top 1 Million trigger or will trigger a Chrome security warning because they use the now deprecated SHA-1 signature algorithm to sign their HTTPS certificates. Soon those sites will be flagged by all major browsers as insecure.
Last year, browser vendors (Mozilla, Microsoft, Google) agreed to deprecate the use of SHA-1 to sign HTTPS certificates. The reached consensus is that certificates signed using SHA-1 should not be issued after January 1, 2016, or trusted after January 1, 2017. This deprecation was motivated by the growing concerns over SHA-1 security and the possibility of an attacker forging a rogue certificate to intercept HTTPS traffic.
Understanding the SHA-1 deprecation policy
Each browser has defined its own timeline to deprecate SHA-1. Currently Chrome is the only browser (with Firefox following soon) that displays a warning for SHA-1 signed certificates. Chrome use the rules outlined below to decide what to display to the users:
- Signed with SHA256: considered secure (normal green SSL indicator)
- Signed with SHA1 and expire in 2015: considered secure (normal SSL indicator)
- Signed with SHA1 and expire in 2016: considered somewhat insecure (secure but with minor errors). Note that Chrome 40 flags site with certificate expiring after June 1st 2016 and Chrome 41 will flag certificates that expire after January 1st 2016.
- Signed with SHA1 and expire 2017 and beyond: Site marked as “neutral lack of security” (same as an HTTP site). Later this year, this will be degraded to “positively insecure” with the release of Chrome 40 and Chrome will display a red warning.
Concretely, here is what users see in their address bar today and what they will see when Chrome 41 is released later this year:
How this deprecation affects the Web?
The result of our analysis is visible in the graph below. Overall, 19.5% of the Alexa Top 1 Million HTTPS sites are or currently marked (or will be when Chrome 41 is out) as mildly insecure, as their certificates expire in 2016 and use the SHA-1 signature algorithm. Most concerning, 35% of those insecure certificates expire in 2017 or later, and site owners may be unaware that they need to replace their certificate.
A significant number of sites (41.6%) use certificates that expire within the next year. Unfortunately, it’s unclear whether these sites will redeploy a SHA-1 certificate, or upgrade to a SHA-256 signed certificate. The good news here is that the majority (66.84%) of the certificates issued in January 2015 (~15K certificates) were signed using SHA-256. Unfortunately, the remainder were resigned using SHA-1.
How do I make my HTTPS certificate future proof?
To ensure that your certificate is future proof and you won’t be classified as insecure, the next time you renew your certificate, make sure it has a SHA-256 signature. If you are unsure if your certificate is using SHA-256 or SHA-1, there are two simple ways to test: use SSLabs’ SSL Server Test to scan your site or simply visit your site with Chrome and look at the certificate.
To test with Chrome, navigate to your site, click on the lock icon, navigate to the connection tab then click on the certificate information link, as shown below.
In the certificate box, look for Signature Algorithm. It should be either SHA-1 or SHA-256 as visible in the screenshot below. If you have SHA-256 you are all set, if it is SHA-1 you need to re-issue your certificate. CA frequently allow certificates to be reissued free of charge, so there is no reason not to upgrade immediately.
Let me know if you knew about this deprecation and how you are handling it on your favorite social network by clicking one of the link below. If you find this post useful, don’t forget to share it. We want to see everyone moving to SHA-256.