Apple Drops Support for SHA-1 Certificates in macOS Catalina and iOS 13

Discussion in 'Mac Blog Discussion' started by MacRumors, Jun 6, 2019.

  1. MacRumors, Jun 6, 2019
    Last edited by a moderator: Jun 6, 2019

    MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1


    In a new support document, Apple has indicated that macOS Catalina and iOS 13 drop support for TLS certificates signed with the SHA-1 hash algorithm, which is now considered to be insecure. SHA-2 is now required at a minimum.


    Apple says all TLS server certificates must comply with these new security requirements in macOS Catalina and iOS 13:
    • TLS server certificates and issuing CAs using RSA keys must use key sizes greater than or equal to 2048 bits. Certificates using RSA key sizes smaller than 2048 bits are no longer trusted for TLS.
    • TLS server certificates and issuing CAs must use a hash algorithm from the SHA-2 family in the signature algorithm. SHA-1 signed certificates are no longer trusted for TLS.
    • TLS server certificates must present the DNS name of the server in the Subject Alternative Name extension of the certificate. DNS names in the CommonName of a certificate are no longer trusted.
    Effective immediately, any connections to TLS servers violating these new requirements will fail and may cause network failures, apps to fail, and websites to not load in Safari in macOS Catalina and iOS 13, according to Apple.

    Google, Microsoft, and Mozilla all deprecated SHA-1 certificates in 2017.

    Article Link: Apple Drops Support for SHA-1 Certificates in macOS Catalina and iOS 13
     
  2. -Ray- macrumors regular

    -Ray-

    Joined:
    Jul 2, 2011
    Location:
    Pennsylvania
  3. vicviper789 macrumors regular

    Joined:
    Jun 5, 2013
  4. Sasparilla macrumors 65816

    Joined:
    Jul 6, 2012
    #4
    Nice to see them doing this.

    For an insecure encryption algorithm? I would hope they'd deprecate it (following Google, Firefox etc.).
     
  5. SteveOfTheStow macrumors member

    SteveOfTheStow

    Joined:
    Jan 24, 2018
    Location:
    London, UK
    #5
    There was an implicit /s in vicviper789's post ;)
     
  6. keysofanxiety macrumors G3

    keysofanxiety

    Joined:
    Nov 23, 2011
    #6
    I know, it's a disgrace. Little known fact: very few websites work well on Netscape Navigator either :mad:
     
  7. wtn macrumors newbie

    Joined:
    Feb 26, 2012
    Location:
    United States
    #7
    "Deprecated" is not a synonym for "removed."
     
  8. Soba macrumors regular

    Soba

    Joined:
    May 28, 2003
    Location:
    Rochester, NY
    #8
    I get your point and share the frustration, but it's not warranted in this case.

    Encryption algorithms have shelf lives, more or less. Weaknesses are periodically discovered that make them vulnerable to cracking or workarounds, as in this case. Generally these problems cannot be fixed in the way ordinary software is patched because the problems are not specific to any vendor and are simply fundamental flaws in the encryption mechanism; the only solution is abandonment of the encryption method and moving on to safer methods.

    SHA-1 is over 25 years old and has been known to have problems since at least 2005. Deprecating encryption methods that are known to be too weak or vulnerable is the right thing to do, and if anything, this move is long overdue.
    --- Post Merged, Jun 6, 2019 ---
    I miss Netscape. ;)

    I have to laugh at the 40-bit encryption we used in the late 90s (32-bit in some parts of the world). It wasn't thought overly safe even at the time, but that seems just silly, today.
     
  9. eatrains macrumors 6502

    Joined:
    Mar 11, 2006
    #9
    Is this satire?
     
  10. darngooddesign macrumors G3

    Joined:
    Jul 4, 2007
    Location:
    Atlanta, GA
    #10
    It’s impossible to tell if someone is being sincere or sarcastic on the internet, which is why we have ‘/s’.
     
  11. lunarworks macrumors 68000

    Joined:
    Jun 17, 2003
    Location:
    Toronto, Canada
    #11
    Remember when encryption-enabled Netscape was considered a "munition", and was barred from export from the US, so they had a plaintext-only version for the rest of the world?
     
  12. Kaibelf Suspended

    Kaibelf

    Joined:
    Apr 29, 2009
    Location:
    Silicon Valley, CA
    #12
    Any words about those other companies that did the same two years ago?

    And we cannot assume this is sarcasm considering how people are on the internet.
     
  13. Dave-Z macrumors 6502a

    Joined:
    Jun 26, 2012
    #13
    This is the one that I don't quite understand. First, subject alternative name is an optional x509 extension; why is it now being required by Apple? Second, the whole point of the subject alternative name is to provide an alternative name to that which is found in the common name. I know that when creating multi-domain certificates we list the first domain (in common name) in the subject alternative name, but if we're only using one domain, why would we even add the subject alternative name to the certificate?
     
  14. Westside guy macrumors 603

    Westside guy

    Joined:
    Oct 15, 2003
    Location:
    The soggy side of the Pacific NW
    #14
    I don't remember that. What I recall was US consumers being able to use 128-bit encryption in their browser while non-US consumers were limited to 40-bit encryption - due to the "munitions" argument.

    It's why Korean banks developed their own ActiveX-based banking tech, a security headache which persisted long after Microsoft said to the world "Uh... please stop using that".

    Fortunately someone eventually convinced the old farts who made those silly rules that there are plenty of smart people outside the US who are capable of writing their own web browsers capable of good encryption... so all setting those artificial restrictions did was hobble US-based browser makers.
     
  15. Superhai macrumors 6502

    Superhai

    Joined:
    Apr 21, 2010
    #15
    I remember this. And also that 128-bit versions of the browsers were widely available from piracy sites.
     
  16. mannyvel macrumors regular

    Joined:
    Mar 16, 2019
    Location:
    Hillsboro, OR
    #16
    Goodbye, Oracle!

    The only things that I remember that still use SHA-1 are older Oracle products and sites.

    What's amusing is that it'll be easier to connect to unsecured sites than SHA-1 sites, which is ridiculous because SHA-1 sites are marginally more secure than unsecured sites.
     
  17. dontwalkhand macrumors 603

    dontwalkhand

    Joined:
    Jul 5, 2007
    Location:
    Phoenix, AZ
    #17
    Bye bye to the idea of configuring old sonicwalls with a Mac.

    Sometimes when we order them they come with old OSes on them and we have to update them to get it to newer security.

    Time to keep an old PC around for this purpose I guess.
     
  18. mdriftmeyer macrumors 68030

    mdriftmeyer

    Joined:
    Feb 2, 2004
    Location:
    Pacific Northwest
    #18
    Great news. It's been broken for years.
    --- Post Merged, Jun 6, 2019 ---

    https://access.redhat.com/documenta...Standard_X.509_v3_Certificate_Extensions.html


     
  19. Dave-Z macrumors 6502a

    Joined:
    Jun 26, 2012
    #19
    Thanks, but I don't think that completely answers my question (unless I'm missing something).

    For example, it's common practice in businesses to have their own root certificate authority. They then issue certificates signed by that authority to private, internal servers. Each client device is configured to accept that private root certificate as trusted and can therefore (when connected to the company's LAN either locally or by VPN) visit myprivatesite.local and the site will be secure and trusted.

    If one is only issuing private server certificates in this context, there's really no need for SAN; but based on this MacRumors article Apple's devices wouldn't accept that because it needs that extension in the certificate. This makes no sense to me. Now I do get that it's standard practice to include the domain in the CN in the list of SANs, but not if there is literally one, single domain.

    (The same is true for public web sites that only need a certificate for one domain, though public CAs will handle most of this stuff for the web site owner.)

    Here's another thing not mentioned above:

    Sure in most cases no one is issuing certificates for that long, but why restrict the validity period? If I'm setting up something internally I should be able to do what I want as I can always revoke the certificates later if need be.
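The three rules quoted in the first post, and the CommonName-versus-SAN question raised in the post above, modelled as a small checker. This is an added example, not code from Apple or from anyone in the thread; `CertInfo`, `check_certificate`, `check_chain`, `dns_name_matches` and the sample certificates are names and values constructed here for the illustration, and `cert_info_from_pem` assumes the third-party `cryptography` package (the rest of the file runs without it).

```python
"""Checks a TLS server certificate chain against the three rules quoted in the
thread's first post (RSA >= 2048 bits, SHA-2 signature, DNS name in the SAN).

Added illustration, not Apple's trust-evaluation code. CertInfo and the check
functions are names chosen here; the sample certificates are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

MIN_RSA_BITS = 2048
SHA2_FAMILY = {"sha224", "sha256", "sha384", "sha512"}


@dataclass
class CertInfo:
    """The handful of certificate fields the three rules look at."""
    subject_cn: Optional[str]
    san_dns: List[str] = field(default_factory=list)  # dNSName entries in SAN
    key_type: str = "rsa"                             # "rsa" or "ec"
    key_bits: int = 2048
    sig_hash: str = "sha256"                          # hash in signatureAlgorithm
    is_ca: bool = False                               # BasicConstraints cA flag


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: case-insensitive; a '*' may replace only the
    leftmost label and matches exactly one label, so *.corp.local matches
    web.corp.local but neither corp.local nor a.b.corp.local."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def check_certificate(cert: CertInfo, hostname: Optional[str] = None) -> List[str]:
    """Return the list of rule violations; an empty list means acceptable."""
    problems = []
    # Rule 1: RSA keys of the leaf and of issuing CAs must be >= 2048 bits.
    if cert.key_type == "rsa" and cert.key_bits < MIN_RSA_BITS:
        problems.append(f"RSA key is {cert.key_bits} bits, need >= {MIN_RSA_BITS}")
    # Rule 2: the signature hash of the leaf and of issuing CAs must be SHA-2.
    if cert.sig_hash.lower() not in SHA2_FAMILY:
        problems.append(f"signature uses {cert.sig_hash}, need a SHA-2 hash")
    # Rule 3: a server certificate must carry the host's DNS name in the SAN
    # extension. The CommonName is not consulted at all, so a CN-only
    # certificate fails even when the CN equals the hostname being visited.
    if not cert.is_ca:
        if not cert.san_dns:
            problems.append("no Subject Alternative Name dNSName entries; "
                            "CommonName is not consulted")
        elif hostname and not any(dns_name_matches(p, hostname) for p in cert.san_dns):
            problems.append(f"{hostname} matches none of the SAN entries {cert.san_dns}")
    return problems


def check_chain(chain: List[CertInfo], hostname: str) -> Dict[int, List[str]]:
    """Evaluate the leaf (index 0) and each issuing CA; return only failures,
    keyed by position in the chain."""
    result = {}
    for i, cert in enumerate(chain):
        problems = check_certificate(cert, hostname if i == 0 else None)
        if problems:
            result[i] = problems
    return result


def cert_info_from_pem(pem: bytes) -> CertInfo:
    """Populate CertInfo from a real PEM certificate using the third-party
    'cryptography' package (recent versions; assumed installed only here)."""
    from cryptography import x509
    from cryptography.hazmat.primitives.asymmetric import rsa
    from cryptography.x509.oid import NameOID

    cert = x509.load_pem_x509_certificate(pem)
    cn_attrs = cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)
    try:
        san = cert.extensions.get_extension_for_class(x509.SubjectAlternativeName)
        san_dns = san.value.get_values_for_type(x509.DNSName)
    except x509.ExtensionNotFound:
        san_dns = []
    try:
        is_ca = cert.extensions.get_extension_for_class(x509.BasicConstraints).value.ca
    except x509.ExtensionNotFound:
        is_ca = False
    pub = cert.public_key()
    key_type = "rsa" if isinstance(pub, rsa.RSAPublicKey) else "ec"
    sig = cert.signature_hash_algorithm
    return CertInfo(cn_attrs[0].value if cn_attrs else None, list(san_dns),
                    key_type, getattr(pub, "key_size", 0),
                    sig.name if sig else "unknown", is_ca)


# Constructed samples for the private-CA scenario described in the thread.
PRIVATE_ROOT = CertInfo("Example Corp Root CA", key_bits=4096, is_ca=True)
CN_ONLY_LEAF = CertInfo("myprivatesite.local")                       # no SAN at all
SAN_LEAF = CertInfo("myprivatesite.local", san_dns=["myprivatesite.local"])
LEGACY_LEAF = CertInfo("appliance.local", san_dns=["appliance.local"],
                       key_bits=1024, sig_hash="sha1")               # old appliance

if __name__ == "__main__":
    for label, leaf, host in [("CN-only", CN_ONLY_LEAF, "myprivatesite.local"),
                              ("SAN", SAN_LEAF, "myprivatesite.local"),
                              ("legacy", LEGACY_LEAF, "appliance.local")]:
        print(label, check_chain([leaf, PRIVATE_ROOT], host) or "accepted")
```

Running the file shows the CN-only internal certificate rejected solely for the missing SAN, the identical certificate with one `dNSName` entry accepted, and the old-appliance certificate failing on both key size and SHA-1 signature even though its name matches. Reissuing from the private CA with a SAN that repeats the CN is the fix for the first case; the root itself is only checked for key size and signature hash.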
     
  20. dragoon2745 macrumors newbie

    dragoon2745

    Joined:
    Jul 12, 2017
    Location:
    Minneapolis, MN
  21. Shirasaki macrumors G3

    Shirasaki

    Joined:
    May 16, 2015
    #21
    I don’t understand the full implication here, but sounds like a deal breaker for a very small group of people (literally).
     
  22. mannyvel macrumors regular

    Joined:
    Mar 16, 2019
    Location:
    Hillsboro, OR
    #22
    It's not really a dealbreaker, it's just aggravating because anyone affected will need to pull up an old Windows VM to do anything with the devices. Everyone in the industry needs to do this occasionally, so it's not a big deal...it'll just take like 20-30 minutes (and the associated pain) instead of 1-2.
     
  23. Doctor Q Administrator

    Doctor Q

    Staff Member

    Joined:
    Sep 19, 2002
    Location:
    Los Angeles
    #23
    What will happen when I connect to my "insecure" local webserver that's on my private in-home network?
     
  24. skinned66 macrumors 65816

    skinned66

    Joined:
    Feb 11, 2011
    Location:
    Ottawa, Canada
    #24
    They're literally doing you a favour. They've supported it more than long enough.
     
  25. Glockworkorange macrumors 68000

    Glockworkorange

    Joined:
    Feb 10, 2015
    Location:
    Chicago, Illinois
    #25
    Really? Wow.
     
