在明年一月的 Google Chrome 56 將會停止支援 SHA-1 SSL Certificate:「SHA-1 Certificates in Chrome」,唯一的例外是自己建立的 CA,主要是給企業內部用的:
Starting with Chrome 54 we provide the
EnableSha1ForLocalAnchors
policy that allows certificates which chain to a locally installed trust anchor to be used after support has otherwise been removed from Chrome.
但安全性的標示不會是綠色的鎖頭:
Features which require a secure origin, such as geolocation, will continue to work, however pages will be displayed as “neutral, lacking security”.
使用 SHA-1 程式碼的完全移除預定在 2019 年 (大約兩年多):
Since this policy is intended only to allow additional time to complete the migration away from SHA-1, it will eventually be removed in the first Chrome release after January 1st 2019.
但如果對 SHA-1 攻擊有重大突破的話也會考慮提前:
We may also remove support before 2019 if there is a serious cryptographic break of SHA-1.