Mozilla re-enables SHA-1 certificates in Firefox

Recently, Mozilla announced that they will discontinue support for SHA-1 certificates in the Firefox browser on January 1, 2016. Firefox 43 started rejecting new SHA-1 certificates, this affected users in man in the middle devices.

“However, for Firefox users who are behind certain “man-in-the-middle” devices (including some security scanners and antivirus products), this change removed their ability to access HTTPS websites.” Richard from Mozilla uploads he said in a blog post published on your security blog.

Apparently, users using MitM software are unable to access encrypted websites.

“When a user tries to connect to an HTTPS website, the man-in-the-middle device sends Firefox a new SHA-1 certificate instead of the server’s actual certificate. Since Firefox rejects new SHA-1 certificates, it cannot connect to the server.”

To estimate the number of affected users, Mozilla decided to allow or re-enable SHA1 certificates in the browser, releasing Firefox 43.0.4. Behind the scenes this changes about: configuration preference security.pki.sha1_enforcement_level value for 0, as a result, Firefox accepts all SHA-1 certificates.

How do you know if you are affected?

If you are unable to access HTTPS or secure websites in Firefox browser, after opening any HTTPS link in browser, please visit Advanced section under Options and check the error code SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED”, if you can see the error code then you are affected.

Then you need to download the latest version of Firefox from another browser and install it on your computer. If you don’t want to reinstall Firefox again, just set the security.pki.sha1_enforcement_level preference value to zero.

The company reiterates that it is committed to removing support for SHA-1 certificates from the Firefox browser.

Related Posts

Leave a Reply

Your email address will not be published.