In a blog post yesterday, the Microsoft Edge Team detailed an upcoming change coming to Edge and Internet Explorer. Both of the company’s browsers will start blocking access to SHA-1 encrypted sites early next year — on Valentine’s Day, to be exact. The company actually announced this change back in November 2015, and it’s finally ready to block sites with SHA-1 certificates. In the blog post, Microsoft quickly briefed SHA-1’s issues:
The SHA-1 hash algorithm is no longer secure. Weaknesses in SHA-1 could allow an attacker to spoof content, execute phishing attacks, or perform man-in-the-middle attacks when browsing the web. Microsoft, in collaboration with other members of the industry, is working to phase out SHA-1.
The software giant will start displaying an invalid certificate starting February 14, 2017, but it will not prevent a client using an SHA-1 signed certificate from being used in a client authentication. You can know more about the change on Microsoft’s official blog post here.