
Recent Attacks on SHA-1 - freestart collisions

Keywords: 
SHA-1, Client Certificate, SHAppening, freestart, collisions
Description: 

Continued progress in the cryptanalysis of the SHA-1 hash function has significantly reduced the cost of successful attacks on SHA-1 signatures, so they will become insecure earlier than expected. Details of the freestart collision attack, a.k.a. the SHAppening, can be found in [1]. The research group estimates that criminal syndicates are now (fall 2015) able to generate SHA-1 collisions.

There is a serious risk that attackers may use SHA-1 collision attacks to forge existing certificates in the near future. This can be prevented by updating clients and servers to stop accepting SHA-1 certificates. Browser vendors like Microsoft, Google and Mozilla have announced that their respective browsers will stop accepting SHA-1 SSL certificates by 2017.


Resolution: 

We recommend identifying any SHA-1 certificates and replacing them with SHA-256 certificates as soon as possible. For server certificates on Airlock WAF, the signature algorithm is visible under "Application Firewall" - "Certificates" - "Certificate content":

[Screenshot: SHA-256 certificate in Airlock WAF]

If you are using client certificate authentication with Airlock WAF and you no longer need support for SHA-1 client certificates (i.e. all your client certificates carry RSA/SHA-256 signatures), you can add the following Apache Expert setting on the corresponding virtual host or mapping to stop accepting certificates with any signature scheme other than RSA/SHA-256:

SSLRequire %{SSL_CLIENT_A_SIG} == "sha256WithRSAEncryption"


Component: 
Airlock
Airlock Vulnerability Status: 
Airlock vulnerable, see resolution
Back-end Vulnerability Status: 
No action required