SHA-1 cutoff could block millions of users from encrypted websites

Millions of Web users could be left unable to access websites over the HTTPS protocol if those websites only use digital certificates signed with the SHA-2 hashing algorithm.

The warning comes from Facebook and CloudFlare as browser makers are considering an accelerated retirement of the older and increasingly vulnerable SHA-1 function.

The two companies have put mechanisms in place to serve SHA-1 certificates from their websites to old browsers and operating systems that don’t support SHA-2, but are still widely used in some regions of the world.

These include Windows versions older than Windows XP with Service Pack 3, Android versions older than 2.3 (Gingerbread) and any applications that rely on OpenSSL 0.9.8 for encrypted communications.

To read this article in full or to leave a comment, please click here