Table of contents
SHA-1 deprecation, moving to SHA-2
What is SHA-1 and why it is being deprecated?
What is SHA-2?
Deadlines
What does Microsoft say about SHA-1?
What does Google say about SHA-1?
Timeline Microsoft + Google
Should I renew or not?
SHA-2 Compatibility
OS, Browser and Server support
Detailed Operating System Support
E-mail Clients
Word Processors
Code Signing
SafeNet iKey / eToken Compatibility
Mainframe
Services
Symantec® Secure Site Pro SHA-1 Private - One Step Solution for Applications ...The SSL Store™
Everyone are mostly aware that SHA-1 is not trusted and all CAs (Certification Authorities) are not even issuing new SHA-1 SSL & Code Signing certificates by January 1, 2016 itself & it has to be updated by SHA-2. One major benefit SHA-2 shows is that it overcomes the weaknesses which are in SHA-1 hashing algorithm but it also comes with some drawbacks on its own though it's not related to security but compatibility.
Switch to SHA-2 SSL - A Step-by-Step Migration GuideEntrust Datacard
Avoiding pitfalls, meeting critical deadlines and eliminating service disruptions during SHA-1 certificate deprecation.
This paper will describe the technical and business impact of SHA-1 migration as it pertains to SSL certificates only. It will outline a recommended migration path to minimize the cost and operational impact of replacing affected SSL certificates.
SharePoint Saturday Ottawa - How secure is my data in office 365?AntonioMaio2
When considering a cloud based service like Office 365, questions about security and trust often gets asked – questions like: Can I trust Office 365 with my company’s data? How secure is my data in Office 365? Organizations are often cautious when it comes to trusting cloud services with storing and providing access to corporate data. This becomes even more of a concern when we think about sensitive data, personally identifiable data or data that requires regulatory compliance controls. Being cautious and asking a cloud service provider questions about security and trust is a positive step. Answering those questions requires learning about the security strategy the provider has employed, and the specific controls they have put in place to protect your data. This session will answer those questions and provide an overview of the robust set of security capabilities available in Office 365.
20 years of web cryptography, and its amazing how frequently its configured sub-optimally. We've had numerous encryption algorithms, digests, protocols come, and should have GONE, but everyone has just left them on. Its time to shut out the legacy browser. The vast majority of the worlds browser install base now auto-updates, and with strict (and prescriptive) compliance in force, we get to drop the bloat form the past. In this talk we'll cover the current TRANSITIONS we're going through from a web admins perspective: TLS, Cipher Suites, HTTP Security Headers, CAs, the move to an encrypted-by-default web, and more.
How Comodo Wildcard SSL is secure all the sub-domain in a single certificate ...EasyWildcardSSL
Comodo SSL Wildcard certificates save your business time and money by allowing you to secure your domain and all sub-domains with a single certificate.
Symantec® Secure Site Pro SHA-1 Private - One Step Solution for Applications ...The SSL Store™
Everyone are mostly aware that SHA-1 is not trusted and all CAs (Certification Authorities) are not even issuing new SHA-1 SSL & Code Signing certificates by January 1, 2016 itself & it has to be updated by SHA-2. One major benefit SHA-2 shows is that it overcomes the weaknesses which are in SHA-1 hashing algorithm but it also comes with some drawbacks on its own though it's not related to security but compatibility.
Switch to SHA-2 SSL - A Step-by-Step Migration GuideEntrust Datacard
Avoiding pitfalls, meeting critical deadlines and eliminating service disruptions during SHA-1 certificate deprecation.
This paper will describe the technical and business impact of SHA-1 migration as it pertains to SSL certificates only. It will outline a recommended migration path to minimize the cost and operational impact of replacing affected SSL certificates.
SharePoint Saturday Ottawa - How secure is my data in office 365?AntonioMaio2
When considering a cloud based service like Office 365, questions about security and trust often gets asked – questions like: Can I trust Office 365 with my company’s data? How secure is my data in Office 365? Organizations are often cautious when it comes to trusting cloud services with storing and providing access to corporate data. This becomes even more of a concern when we think about sensitive data, personally identifiable data or data that requires regulatory compliance controls. Being cautious and asking a cloud service provider questions about security and trust is a positive step. Answering those questions requires learning about the security strategy the provider has employed, and the specific controls they have put in place to protect your data. This session will answer those questions and provide an overview of the robust set of security capabilities available in Office 365.
20 years of web cryptography, and its amazing how frequently its configured sub-optimally. We've had numerous encryption algorithms, digests, protocols come, and should have GONE, but everyone has just left them on. Its time to shut out the legacy browser. The vast majority of the worlds browser install base now auto-updates, and with strict (and prescriptive) compliance in force, we get to drop the bloat form the past. In this talk we'll cover the current TRANSITIONS we're going through from a web admins perspective: TLS, Cipher Suites, HTTP Security Headers, CAs, the move to an encrypted-by-default web, and more.
How Comodo Wildcard SSL is secure all the sub-domain in a single certificate ...EasyWildcardSSL
Comodo SSL Wildcard certificates save your business time and money by allowing you to secure your domain and all sub-domains with a single certificate.
Microsoft Exchange Server & SSL Certificates: Everything you need to knowCheapSSLsecurity
Require the best SSL Certificate for your Microsoft Exchange Server? here is the best guide each user should learn about SSL Certificate & Exchange Server.
Why Comodo SSL Certificates for your Website?Stacey Matthews
Comodo SSL Certificates are powerful, cost-effective security for e-Commerce websites. Get 90 Days Free SSL Certificate from here: https://ssl.comodo.com/free-ssl-certificate.php
If you are using a WordPress website, understand how SSL connection can protect your users and data of your website! SSL certificate and its importance.
In April 2015 the PCI Security Standards Council (SSC) released PCI DSS v3.1 to address threats to SSL and early TLS protocols. This presentation highlights the key implications for businesses that collect payment data and how to migrate to PCI DSS v3.1
Diapositives du Webinar SSL :
INTRODUCTION
Qu’est-ce que le SSL / TLS ?
L’intérêt du SSL
Rapide historique
Déroulement d’une connexion TLS
PARTIE 1
Quel est le rôle d’un certificat SSL ?
Les niveaux de validation
Les options d’un certificat SSL : Wildcard et SAN
Le processus de commande
La chaîne de certification
Algorithmes SSL : chiffrement & authentification
Étude de cas : exemples typiques
PARTIE 2
Modes de déploiement
TLS et épuisement des adresses IPv4
HAProxy et le SNI
Impacts du TLS
SSL offloading
SEO
Sécurité du protocole SSL
Slides of the Webinar "SSL, impact and optimisation"
INTRODUCTION
What is SSL?
The purpose of SSL
History of SSL / TLS
Overview of a TLS connection
PART 1
What is the role of an SSL certificate?
Levels of validation
Options for certificates: SAN and Wildcard
The certificate ordering process
Certificate chain
SSL algorithms: encryption & authentication
Examples
PART 2
TLS and IPV4 exhaustion
HAProxy and SNI
TLS impacts
SSL offloading
SEO
Security of the SSL protocol
Outsource your domain name portfolio management and register new extensions with SSL247® to benefit from our personalised service. Our policy: absolutely no hidden fees, zero hassle and genuine account management.
Externalisez la gestion de votre portefeuille de noms de domaine avec SSL247® et bénéficiez d’un service sur-mesure et sans mauvaise surprise. Notre politique : zéro coût caché, zéro tracas.
Nous couvrons tous les besoins de certification SSL : extranet, intranet, webmails, projets Microsoft Exchange, OCS, Citrix, VPN... et bien sûr tous les besoins pour le e-commerce.
MySSL® est une plateforme accessible en ligne 24h/24 et 7j/7, créée et administrée par nos soins, vous permettant de gérer en toute simplicité vos produits Web Security chez SSL247®
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™UiPathCommunity
In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni.
📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath:
Autopilot per Studio Web
Autopilot per Studio
Autopilot per Apps
Clipboard AI
GenAI applicata alla Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
Welocme to ViralQR, your best QR code generator.ViralQR
Welcome to ViralQR, your best QR code generator available on the market!
At ViralQR, we design static and dynamic QR codes. Our mission is to make business operations easier and customer engagement more powerful through the use of QR technology. Be it a small-scale business or a huge enterprise, our easy-to-use platform provides multiple choices that can be tailored according to your company's branding and marketing strategies.
Our Vision
We are here to make the process of creating QR codes easy and smooth, thus enhancing customer interaction and making business more fluid. We very strongly believe in the ability of QR codes to change the world for businesses in their interaction with customers and are set on making that technology accessible and usable far and wide.
Our Achievements
Ever since its inception, we have successfully served many clients by offering QR codes in their marketing, service delivery, and collection of feedback across various industries. Our platform has been recognized for its ease of use and amazing features, which helped a business to make QR codes.
Our Services
At ViralQR, here is a comprehensive suite of services that caters to your very needs:
Static QR Codes: Create free static QR codes. These QR codes are able to store significant information such as URLs, vCards, plain text, emails and SMS, Wi-Fi credentials, and Bitcoin addresses.
Dynamic QR codes: These also have all the advanced features but are subscription-based. They can directly link to PDF files, images, micro-landing pages, social accounts, review forms, business pages, and applications. In addition, they can be branded with CTAs, frames, patterns, colors, and logos to enhance your branding.
Pricing and Packages
Additionally, there is a 14-day free offer to ViralQR, which is an exceptional opportunity for new users to take a feel of this platform. One can easily subscribe from there and experience the full dynamic of using QR codes. The subscription plans are not only meant for business; they are priced very flexibly so that literally every business could afford to benefit from our service.
Why choose us?
ViralQR will provide services for marketing, advertising, catering, retail, and the like. The QR codes can be posted on fliers, packaging, merchandise, and banners, as well as to substitute for cash and cards in a restaurant or coffee shop. With QR codes integrated into your business, improve customer engagement and streamline operations.
Comprehensive Analytics
Subscribers of ViralQR receive detailed analytics and tracking tools in light of having a view of the core values of QR code performance. Our analytics dashboard shows aggregate views and unique views, as well as detailed information about each impression, including time, device, browser, and estimated location by city and country.
So, thank you for choosing ViralQR; we have an offer of nothing but the best in terms of QR code services to meet business diversity!
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
2. 1SSL247®
Ltd - 63 Lisson Street - Marylebone - London - NW1 5DA - UK Ι SSL247 Ltd is registered in England and Wales - No. 5802692
What is SHA-1 and why is it being deprecated?
SHA, or Secure Hash Algorithm, is a hashing algorithm used in secured connections to prove the integrity and authenticity
of a message to the receiver. SHA algorithm is the default hash algorithm set in SSL certificates.
SHA-1 is an algorithm producing a 160-bit fingerprint when used on a message.
It was the standard up until now for secured connections. However SHA-1 was adopted in 1995, a long time ago in
internet years. Just think of the computer you were using in 1995! Huge advances in technology and developments in
cryptography since then are putting pressure on SHA-1, and it has been shown to be unreliable.
Its days are numbered and the SSL industry is migrating to SHA-2. From January 1st 2017, SSL certificates using SHA-1
will no longer be recognised by web browsers and operating systems, rendering them useless. Most major browsers
(Chrome, Safari, Mozilla, Opera) have voiced their support for the move.
What is SHA-2?
SHA-2 is a set of hash functions including SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256.
The most common hash function used is SHA-256. So generally speaking, SHA-2 = SHA-256.
It works the same way as SHA-1, but produces a longer fingerprint when used on a message (256-bit instead of 160-bit
for SHA-1). Moving from SHA-1 to SHA-2 will increase security and safety online.
SHA-1 deprecation, moving to SHA-2
®
3. 2SSL247®
Ltd - 63 Lisson Street - Marylebone - London - NW1 5DA - UK Ι SSL247 Ltd is registered in England and Wales - No. 5802692
®
What does Microsoft say about SHA-1?
Microsoft’s Operating Systems will stop trusting SSL certificates using SHA-1 from January 1st, 2017, and Digital Signatures
using SHA-1 from January 1st, 2016.
All Certification Authorities (Symantec, GlobalSign, Comodo, ...) will stop issuance and / or reissuance of SSL certificates
by January 1st, 2016.
What does Google say about SHA-1?
Google believes Microsoft’s deadline (January 1st, 2017) is too far away from now, and SHA-1 is already a weak hashing
algorithm.
To force people to move to SHA-2 as soon as possible, Google will deprecate on Chrome the use of a SHA-1 certificate
which is valid after May 2016. To do so, they are displaying warning icons on websites using such certificates (see the
timeline below).
Deadlines
If your SHA-1 SSL certificate expires after January 1st, 2017, from this date any user trying to connect to your server will get this warning message
4. 3
SSL247®
Ltd - 63 Lisson Street - Marylebone - London - NW1 5DA - UK Ι SSL247 Ltd is registered in England and Wales - No. 5802692
®
SHA-1 Certificates expiring
Between June 1st
, 2016 and
December 31st
, 2016
SHA-1 Certificates expiring
After January 1st
, 2017
What the user saw on Chrome 39
(Released November 2014)
What the user sees now on Chrome 40
(Released January 2015)
What the user will see on Chrome 41
(Release: Q1 2015)
A
C
2014 2015 2016 2017
A B C
01 Jan 2017
Microsoft stops trusting
SHA‑1 SSL certificates.
Secure, but with minor errors
Secure, but with minor errors
Secure, but with minor errors
Neutral, lacking security
Affirmatively insecure
Secure
Note: if you have an EV (Extended Validation) certificate with SHA-1 expiring after June 1st, 2016, the new icon display in
Chrome (as shown above) will remove the green bar.
B
5. 4
The SHA-1 algorithm is set by default in your SSL certificate at the time of purchase, unless specified otherwise. In any
case, your SSL certificate must use SHA-2 from January 1st, 2017, and all Certification Authorities have ensured you can
purchase SHA-2 certificates from now on. If you chose to be PCI compliant, note that SHA-2 is an element required by
the authority in charge of this norm (Payment Card Industry Security Standards Council).
There are three possible situations:
If your certificate expires before January 1st, 2016: you can still get a SHA-1 certificate, but its validity period can’t go
after January 1st, 2017. Google Chrome won’t display any warning icon on your website.
If your certificate expires between January 1st, 2016 and January 1st, 2017: you won’t have any other
choice than renewing with SHA-2, but your SHA-1 certificate remains valid until December 31st, 2016.
However : if your certificate expires between June 1st and December 31st, 2016, Google Chrome displays a “minor error”
icon on your website.
If your SSL certificate expires after January 1st, 2017: after this date, Microsoft Operating Systems will stop trusting
your SSL certificate, and web browsers will do the same.
In addition to this, Google Chrome is displaying a “lacking security” icon on your website, and later on this year the
“lacking security” icon will become a “non secure” icon (with the release of Chrome 41).
Even if your certificate expires before or during 2016, we recommend that you migrate to SHA-2 as soon as you can.
Renewing in SHA-2 with SSL247®can be done at any time. It is entirely free of charge, easy and will not require a lot of
manipulation (note that SHA-2 certificates must be installed with their corresponding SHA-2 intermediates).
Overall there are minor compatibility issues, and the sooner you start using SHA-2, the more time you will have to fix
issues before your SHA-1 certificate becomes invalid. You will save time and avoid last-minute stress !
Our SHA-1 checker is available to help you quickly find out if your certificates are SHA-1:
https://www.ssl247.com/ssl-tools/sha1-checker
Should I renew or not?
SSL247®
Ltd - 63 Lisson Street - Marylebone - London - NW1 5DA - UK Ι SSL247 Ltd is registered in England and Wales - No. 5802692
6. 5
®
SSL247®
Ltd - 63 Lisson Street - Marylebone - London - NW1 5DA - UK Ι SSL247 Ltd is registered in England and Wales - No. 5802692
OS, Browser and Server support
SHA-2 Compatibility
Minimum OS Version
(SSL Certificates)
Minimum OS Version
(Client Certificates)
Apple OS X 10.5+ 10.5+
Apple iOS 3.0+ 3.0+
Android 2.3+ 2.3+
Blackberry 5.0+ 5.0+
ChromeOS ✓ ✓
Windows XP SP3+ XP SP3+
Windows Phone 7+ 7+
Windows Server 2003 SP2 +Hotfixes (MS13-095) 2003 SP2 +Hotfixes (MS13-095)
Minimum Browser Version
Chrome 1.0+ (38+)
Firefox 1.0+
Internet Explorer
6+
(On a SHA-2 compatible OS)
Konqueror 3.5.6+
Mozilla 1.4+
Netscape 7.1+
Opera 6.0+
Safari
3+
(Ships with OS X 10.5)
Minimum Server Version
Apache Server* 2.0.63+ w/ OpenSSL 0.9.8o+
IBM Domino Server 9.x with Fix Pack
IBM HTTP Server 8.5 (Bundled with Domino 9)
Microsoft Server Exchange Dependent on Windows Server Version
Oracle Weblogic 10.3.1+
* Apache 2.0 is bundled with mod_ssl by default. Versions prior to 2.0 require manual installation of mod_ssl for any SSL
support at all. Mod_gnutls is an alternative to mod_ssl, leveraging GnuTLS instead of OpenSSL libraries.
7. 6
SSL Certificates
(Client Side)
SSL Certificates
(Server Side)
S/
MIME Code Signing
Windows XP (SP1, SP2) ✗ N/A ✗ ✗
Windows XP SP3 ✓ N/A Partial Partial
Windows Vista ✓ N/A ✓ Partial
Windows 7 ✓ N/A ✓ Partial
Windows 8 ✓ N/A ✓ ✓
Windows Server 2003 / 2003 SP1 ✗ ✗ ✗ ✗
Windows Server 2003 SP2 +MS13-095 ✓ ✓ ✓ N/A
Windows Server 2008 ✓ ✓ ✓ Partial
Windows Server 2008 R2 ✓ ✓ ✓ ✓
Windows Server 2012 & 2012 R2 ✓ ✓ ✓ ✓
Windows Phone 5 ✗ N/A ✗ N/A
Windows Phone 6 ✗ N/A ✗ N/A
Windows Phone 7 ✓ N/A ✓ N/A
Windows Phone 8 ✓ N/A ✓ N/A
E-mail Clients
Verify SHA-1
Signed E-Mail
Verify SHA-256
Signed E-Mail
Send SHA-1
Signed E-Mail
Send SHA-256
Signed E-Mail
Mozilla Thunderbird 24 on
XP SP3 ✓ ✓ ✓ N/A
IBM Notes 8 ✓ ✗ ✓ ✗
IBM Notes 9 ✓ ✓ ✓ ✓
Microsoft Entourage 2004 ✓ ✗ ✓ ✗
Microsoft Entourage 2008 ✓ ✓ ✓ ✓
Outlook 2003 / 2007 on
XP SP3 ✓ ✗ ✓ ✗
Outlook 2007 on Windows
Vista & 7 ✓ ✓ ✓ ✓
Outlook for Mac 2011 ✓ ✓ ✓ ✓
Detailed Operating System Support
SSL247®
Ltd - 63 Lisson Street - Marylebone - London - NW1 5DA - UK Ι SSL247 Ltd is registered in England and Wales - No. 5802692
Notes on “Partial” compatibility:
• S/MIME:
Outlook on Windows XP SP3 can utilize certificates signed with SHA-256 but cannot validate an e-mail signed using the
SHA-256 hashing algorithm. By default Outlook signs with SHA1 even if a SHA2 cert is in use though this behavior can be
changed if desired.
• Code Signing:
Code can be signed with a SHA2 cert on any of the systems listed as having partial or full compatibility without issue. There
is an incompatibility with SHA2 signed kernel drivers on the partially compatible platforms. Kernel drivers signed with SHA2
certs will not install on systems listed as having “Partial” compatibility.
8. 7
Word Processors
Verify SHA-1
Signed Docu-
ment
Verify SHA-256
Signed Document
Place SHA-1 Signature
with SHA-256 certif-
icate
Place SHA-256 Sig-
nature with SHA-256
certificate
Word 2003 & 2007
on XP SP3 ✓ N/A ✓ ✗
LibreOffice Writer
4.2 on XP SP3 ✓ N/A ✓ N/A
Document Signing
Place SHA1 Signature with
SHA-256 certificate
Place SHA2 Signature with
SHA-256 certificate
Validate
SHA2 Signature
LibreOffice 4 ✓ ✗ ✗
Microsoft Office 2003,
2007 ✓ ✗ ✗
Microsoft Office 2010,
2013 ✓ ✓ ✓
Adobe Acrobat 8.0+ ✓ ✓ ✓
Adobe Reader 8.0+ ✓ ✓ ✓
Note: Adobe Reader 8+ can place signatures with a Digital ID if the functionality has been enabled via Adobe Acrobat
Professional.
Adobe Acrobat & Adobe Reader are compatible with SHA-256 certs as of version 8.0, but still place SHA1 signatures by
default. As of version 9.1, Acrobat & Reader will prefer SHA-256 for the signature hash if available, otherwise it will fall
back to SHA1. SHA-2 signatures can be preferred in versions prior to 9.1 through edits to the registry.
Digital signatures placed with newer versions of Microsoft Office may not be backwards compatible with older versions.
Legacy compatibility can be specified manually.
Office 2003 - 2010 work with SHA-2 certs, but place SHA1 signatures. Office 2013 uses SHA2 as the default signature hash
when available. You can specify the signature hash in Office 2010 & 2013 via the registry.
Windows Code Signing
Executables Kernel Drivers
VBA Macros: Of-
fice 2003, 2007
VBA Macros:
Office 2010
VBA Macros:
Office 2013
Windows XP (SP1, SP2) ✗ ✗ ✗ ✗ N/A
Windows XP SP3 ✓ ✗ ✗ ✓ N/A
Windows Vista ✓ ✗ ✗ ✓ N/A
Windows 7 ✓ ✗ ✗ ✓ ✓
Windows 8 ✓ ✓ ✗ ✓ ✓
Office 2010 on Windows 7 requires hotfix kb 2598139 to add SHA-256 support for CodeSigning Certs.
Minimum Version Required
Visual Studio Tools for Office (VSTO) 10.0.50325
SSL247®
Ltd - 63 Lisson Street - Marylebone - London - NW1 5DA - UK Ι SSL247 Ltd is registered in England and Wales - No. 5802692
9. 8
Toolkits, Libraries, Frameworks, etc.
Minimum Version Required
Java Java 1.4.2+
Mozilla NSS 3.8+
OpenSSL 0.9.8o+
GNUTLS 1.7.4+
.NET FX 3.5 SP1+
SafeNet iKey / eToken Compatibility
Works with SHA2 Certificate Place SHA1 Signature Place SHA2 Signature
iKey 4000 ✓ ✓ ✗
eToken 5100 ✓ ✓ ✓
Mainframe
Minimum Version Required
IBM z/OS v1r10
Citrix Support
Minimum Version Required
Citrix receiver Varies - See PDF
Services
Notes
Belgian Online Government Services
No SHA2 Support.
Issue PersonalSign3 as SHA1.
FDA ESG Works with SHA2
FDA Encrypted E-Mail FDA S/MIME firewall cannot handle SHA2.
WARNING : a critical bug called "Heartbleed bug" has been
detected in OpenSSL versions 1.0.1 to 1.0.1f - if you use any of
them, update immediatly to 1.0.1g an reissue all you certificates
with new key pairs.