Mozilla reverses course on SHA-1
Mozilla has reversed its move to reject SHA-1 certificates outright, after noticing that some “man-in the-middle” devices cannot connect to HTTPS sites.
Mozilla has reversed its move to reject SHA-1 certificates outright, after noticing that some legitimate “man-in the-middle” devices, such as some security scanners and antivirus products, are unable to connect to HTTPS sites.
Firefox started to reject SHA-1 certificates Jan. 1. But in a Mozilla security blog post, Firefox security lead Richard Barnes wrote, “When a user tries to connect to an HTTPS site, the man-in-the-middle device sends Firefox a new SHA-1 certificate instead of the server's real certificate. Since Firefox rejects new SHA-1 certificates, it can't connect to the server.”
The company suggested Firefox users affected by the change update to the latest version of Firefox or change value on their local copy of Firefox, located at about:config and change the value of “security.pki.sha1_enforcement_level” to 0. Either method will reinstate all SHA-1 certificates.
The move comes just as a research paper this week discovered a new category of “transcript” collision attacks affecting exchange protocols. The paper, written by researchers at INRIA, warned that an attacker could implement a collision attack on key exchange protocols in about one hour.
Research published in October set off renewed calls to deprecate SHA-1. Mozilla has been – until now – among the most proactive browsers advocating rejection of SHA-1 certificates.
UPDATE: Barnes reiterated the company is "not reversing course," but still intends "to remove support for new SHA-1 certificates again as soon as we have data to confirm that the MitM issues are resolved."