- Apr 12, 2001
In a new support document, Apple has indicated that macOS Catalina and iOS 13 drop support for TLS certificates signed with the SHA-1 hash algorithm, which is now considered to be insecure. SHA-2 is now required at a minimum.
Apple says all TLS server certificates must comply with these new security requirements in macOS Catalina and iOS 13:
- TLS server certificates and issuing CAs using RSA keys must use key sizes greater than or equal to 2048 bits. Certificates using RSA key sizes smaller than 2048 bits are no longer trusted for TLS.
- TLS server certificates and issuing CAs must use a hash algorithm from the SHA-2 family in the signature algorithm. SHA-1 signed certificates are no longer trusted for TLS.
- TLS server certificates must present the DNS name of the server in the Subject Alternative Name extension of the certificate. DNS names in the CommonName of a certificate are no longer trusted.
Google, Microsoft, and Mozilla all deprecated SHA-1 certificates in 2017.
Article Link: Apple Drops Support for SHA-1 Certificates in macOS Catalina and iOS 13
Last edited by a moderator: