Recently, Mozilla announced it would phase out support for SHA-1 certificates in the Firefox browser on January 1, 2016. Firefox 43 has started rejecting new SHA-1 certificates, and this has affected users behind man-in-the-middle devices.
“However, for Firefox users who are behind certain “man-in-the-middle” devices (including some security scanners and antivirus products), this change removed their ability to access HTTPS web sites.” Mozilla’s Richard Barnes said in a blog post published on their security blog.
In other words, users running MitM software are not able to access encrypted sites.
“When a user tries to connect to an HTTPS site, the man-in-the-middle device sends Firefox a new SHA-1 certificate instead of the server’s real certificate. Since Firefox rejects new SHA-1 certificates, it can’t connect to the server.”
In order to estimate the number of users affected, Mozilla has decided to re-enable SHA-1 certificates in the browser by releasing Firefox 43.0.4. Behind the scenes, this update sets the about:config preference security.pki.sha1_enforcement_level to 0. As a result, Firefox accepts all SHA-1 certificates.
How to know if you’re affected?
If you’re not able to access HTTPS (secure) websites in Firefox, open any HTTPS link in the browser, visit the Advanced section in Options and check for the error code SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED. If you can see that error code, you’re affected.
In that case, download the latest Firefox version using another browser and install it on your computer. If you don’t want to reinstall Firefox, just set the security.pki.sha1_enforcement_level preference to zero.
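A complementary check from outside the browser, as an added example that is not part of the original article or Mozilla's code: this Python code reads the signature algorithm out of a DER-encoded certificate and flags SHA-1. The function names and the two sample inputs are constructed for illustration; the samples are certificate-shaped skeletons, not real certificates.

```python
SIG_OIDS = {  # signature-algorithm OIDs relevant to this check
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.10040.4.3": "dsa-with-sha1",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}

def read_tlv(buf, pos=0):  # -> (tag, value, next_pos) of the DER element at pos
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):  # OID content bytes -> dotted notation
    first = min(body[0] // 40, 2)
    arcs, value = [first, body[0] - 40 * first], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:               # a clear high bit ends the current arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_algorithm(der):  # name (or dotted OID) of the outer signatureAlgorithm
    tag, cert, _ = read_tlv(der)       # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, pos = read_tlv(cert)         # skip tbsCertificate
    _, alg, _ = read_tlv(cert, pos)    # AlgorithmIdentifier ::= SEQUENCE
    tag, oid, _ = read_tlv(alg)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    dotted = decode_oid(oid)
    return SIG_OIDS.get(dotted, dotted)

def is_sha1_signed(der):
    return "sha1" in signature_algorithm(der).lower()

def sample(oid_hex):  # constructed skeleton: dummy tbsCertificate, algorithm, dummy signature
    alg = bytes.fromhex("300d0609" + oid_hex + "0500")
    body = bytes.fromhex("3081c8") + bytes(200) + alg + bytes.fromhex("038181") + bytes(129)
    return b"\x30\x82" + len(body).to_bytes(2, "big") + body

SHA1_SAMPLE, SHA256_SAMPLE = sample("2a864886f70d010105"), sample("2a864886f70d01010b")
```

To test a live connection, fetch the certificate your network actually serves with `ssl.get_server_certificate((host, 443))`, convert it with `ssl.PEM_cert_to_DER_cert`, and pass the result to `is_sha1_signed`. A SHA-1 result for a site whose real certificate is not SHA-1 signed points to an intercepting device.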
The company reiterates that it is committed to removing support for SHA-1 certificates from the Firefox browser.