Bulletproof TLS Newsletter #22
TLS 1.3 in final stages and SHA-1 deprecation
30 November 2016
Author: Hanno Böck

This issue was distributed to 32,041 email subscribers.

Bulletproof TLS Newsletter is a free periodic newsletter bringing you commentary and news surrounding SSL/TLS and Internet PKI, designed to keep you informed about the latest developments in this space.

In this issue:

  1. TLS 1.3 in final stages
  2. SHA-1 finally on its way out
  3. Other news

TLS 1.3 in final stages

The next version of the TLS protocol is nearing completion. There was again a debate on whether it should be rebranded and called TLS 2 or TLS 4. During the IETF conference in Seoul, a majority voted to keep the name TLS 1.3, but on the working group mailing list many people were in favor of the name TLS 4.

Representatives from the financial industry had previously raised concerns that removing the RSA key exchange in TLS 1.3 would take away the ability to decrypt TLS traffic in data centers (mentioned in our September newsletter). This discussion led to a proposal on how to use static Diffie-Hellman ephemeral keys to achieve something similar.


SHA-1 finally on its way out

Web site owners who still use certificates with the SHA-1 algorithm should replace them as soon as possible. Starting from January, Mozilla will reject such certificates with Firefox 51 if they chain to a publicly trusted root. Manually added roots can still use SHA-1.

Chrome plans to deprecate SHA-1 with version 56, to be released by the end of January. Chrome provides an option to allow an exception for locally added root certificates; however, that option will be removed in 2019. Microsoft plans to deprecate SHA-1 in February 2017. As with Mozilla, locally added roots will be exempt from this rule.

On the mailing list of the CA/Browser Forum, Mozilla also announced stricter rules for the use of SHA-1 signatures with browser-trusted certificates for other use cases. These include, among others, S/MIME (e-mail encryption) certificates and signatures on OCSP responses.


Other news