Obsolete cryptography (SHA1) warning although certificate uses SHA256

  • I ordered a certificate with SHA256 from Comodo and was wondering why Chrome shows this message:

    Your connection is encrypted with obsolete cryptography.

    The connection is encrypted using AES_256_CBC, with SHA1 for message authentication and DHE_RSA as the key exchange mechanism.

    It complains about SHA1 although the only certificate that uses SHA1 is the root certificate, which shouldn't be the problem. Why does Chrome show the warning like this?

    Here is the result from the SSL Labs test (certificate information and cipher suites on the server):

    Path #1

    [my domain]
    RSA 2048 bits (e 65537) / SHA256withRSA

    COMODO RSA Domain Validation Secure Server CA
    RSA 2048 bits (e 65537) / SHA384withRSA

    COMODO RSA Certification Authority
    RSA 4096 bits (e 65537) / SHA384withRSA

    Path #2

    [my domain]
    RSA 2048 bits (e 65537) / SHA256withRSA

    COMODO RSA Domain Validation Secure Server CA
    RSA 2048 bits (e 65537) / SHA384withRSA

    COMODO RSA Certification Authority
    RSA 4096 bits (e 65537) / SHA384withRSA

    AddTrust External CA Root
    RSA 2048 bits (e 65537) / SHA1withRSA

    Cipher Suites

    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA
    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA

    Note: I know that AES_256_CBC isn't considered modern cryptography, so the warning about obsolete cryptography would still appear. I was just wondering about the SHA1 part.

  • The error message is just misleading

    You said yourself:

    I know that AES_256_CBC isn't considered modern cryptography, so the warning about obsolete cryptography would still appear.

    And that is why you get that message.

    Now unfortunately the message itself is not very clearly phrased.

    SHA-1 is used in several circumstances. And here the "SHA-1" refers to HMAC message authentication and not to its use inside certificates.

    From the Chromium TLS page (Archived here.):

    Message Authentication

    You may see:

    “The connection is using [cipher] with SHA1 for message authentication.”

    This actually means that the connection is using HMAC-SHA1 for data integrity, rather than as a certificate signing algorithm (e.g. sha1WithRSAEncryption). The HMAC construction is strong enough that it is not broken when used with SHA1 (or even MD5) as the hash function, so this is not currently deprecated.

    What to do

    Enable and have the server prefer a cipher suite that Chrome likes better. Namely: Something with forward secrecy and either AES-GCM or CHACHA20_POLY1305. (The TLS page recommends TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.)

    Since that is already in your list, all you have to do is change the server's preference for it.

    Starting from Chrome 44, SHA1 will be changed to HMAC-SHA1. "The connection is encrypted using AES_256_CBC, with HMAC-SHA1 for message authentication and DHE_RSA as the key exchange mechanism."

    So, why does SSL Labs give an "A" and Chrome consider it an error?

    @MikeWills: that's weird. Should at most be a warning. Not an error. Can you share the URL?

    I figured it out, we had one image being delivered over http. That caused the issue.
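
The following is an added example, not part of the original question, answer or comments. It splits each cipher suite name from the question's SSL Labs listing into the three fields Chrome's message reports (cipher, message authentication, key exchange) and puts the suites that meet the answer's criterion (forward secrecy plus AES-GCM or CHACHA20_POLY1305) first. The function names and the `modern` flag are assumptions made for this illustration, not Chrome's own logic.

```python
import re

# Constructed input: the eight suites from the SSL Labs listing in the question.
SERVER_SUITES = [
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",
]

# Handles names of the form TLS_<kx>_<auth>_WITH_<cipher>_<hash> only.
SUITE_RE = re.compile(r"TLS_([A-Z0-9]+)_([A-Z0-9]+)_WITH_([A-Z0-9_]+)_(SHA\d*|MD5)")


def parse_suite(name):
    """Return the fields of one suite name (hypothetical helper)."""
    m = SUITE_RE.fullmatch(name)
    if m is None:
        raise ValueError(f"unsupported suite name: {name}")
    kx, auth, cipher, suffix = m.groups()
    aead = cipher.endswith("_GCM") or cipher == "CHACHA20_POLY1305"
    if aead:
        # Integrity comes from the cipher mode; the suffix names the PRF hash.
        mac = "AEAD"
    else:
        # CBC suites: the suffix names the HMAC hash; a bare "SHA" means SHA-1.
        mac = "HMAC-SHA1" if suffix == "SHA" else f"HMAC-{suffix}"
    forward_secrecy = kx in ("DHE", "ECDHE")
    return {
        "key_exchange": f"{kx}_{auth}",
        "cipher": cipher,
        "mac": mac,
        "forward_secrecy": forward_secrecy,
        "modern": aead and forward_secrecy,  # the answer's criterion
    }


def preference_order(suites):
    """Stable sort: suites meeting the criterion first, original order otherwise."""
    return sorted(suites, key=lambda s: not parse_suite(s)["modern"])


if __name__ == "__main__":
    for s in preference_order(SERVER_SUITES):
        p = parse_suite(s)
        print(f"{s:40} {p['cipher']:18} {p['mac']:12} modern={p['modern']}")
```

None of these fields depends on the certificate chain, which is why the SHA256withRSA leaf certificate has no effect on the message.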

License under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM