Upgrade Browsers and Operating Systems for a Post-SHA1 Internet

One of my aunts who has been using her very old laptop for paying monthly bills had been having trouble even accessing any of those bill payment web sites. So she called the internet provider company and the technicians checked all the cables, checked her laptop before finally concluding that those sites could have their servers down and everything should work fine after a day or two. So after waiting out for three days, she called me and I figured out that internet was working okay but her operating system (Windows XP) and web browser (Internet Explorer 7) were outdated and did not support the new SHA2 SSL certificates that the web sites have now been using.

This is going to happen more and more as almost all the sites offering encrypted connections switch from the vulnerable SHA1 based certificates to much safer SHA2 algorithm. The problem with SHA1 is that it can be easily attacked using the well known birthday collision technique. Even though for this kind of attack, the attacker must use an expensive array of powerful computers but with improvements in the information technology the time and cost will reduce drastically in near future.

SHA1 Certificate Error in Firefox

Starting from January 2017, Microsoft, Google and Mozilla are planning to stop supporting the SSL certificates that make use of the weak SHA-1 algorithm. This will force almost every web site that uses SSL certificates to upgrade to SHA-2. This means that you will not be able to access many different sites that have already upgraded to SHA-2 (also called SHA-256) based SSL certificates using your older web browsers. So in order to make sure that you can access websites in the future, you have to upgrade both your operating system and web browsers. Why operating systems, you may ask? The thing is that the latest versions of web browsers cannot really be installed on older operating systems. For example, you cannot install the newest version of Mozilla Firefox on Windows XP or even Vista. So you must first upgrade the operating system and then install the new version of web browser in it.

Upgrade to SHA-256 Ready Browsers

If you cannot upgrade your Windows operating system at the moment, then perhaps you might want to download a lightweight flavor of Linux like Puppy Linux. It not only runs on relatively older computers, but it does come with an updated version of Firefox browser. For computers bought after 2007, you can use full featured Linux like Lubuntu which is basically the well known Ubuntu Linux but requires very few resources.

Conclusion: With SHA1 based SSL certificates being blacklisted by all the major web browsers, you should quickly upgrade your web browsers and the operating system too if it is required.