Akamai Diversity

The Akamai Blog

Introducing SHA-2 Certificates and Forward Secrecy

In order to provide a higher level of transport-layer security, Akamai will soon be introducing two notable changes to SSL/TLS support on our secure platform. These new features will upgrade your sites' SSL/TLS configuration to be consistent with new industry standards around encryption and certificates.
SHA-2 Certificates
Every certificate used to authenticate and secure TLS communications between clients and servers includes a digital signature based on a one-way cryptographic hashing algorithm. Most certificates in use on the Internet today employ the SHA-1 hashing algorithm. As computing power increases, it becomes easier and cheaper to assemble systems which could attack these signatures by finding hash collisions. In the past, the digital certificate industry has changed the standard hashing method several times, moving from MD4, to MD5, to SHA-1.

Today, a move is underway to replace SHA-1 with the SHA-2 family of hashes, starting with SHA-256. Beginning in November 2014, the popular web browser Google Chrome will show a warning when connecting to secure sites whose certificates expire in 2017 and employ SHA-1 hashes. Beginning in January 2015, Chrome will show a warning for sites with SHA-1 certificates expiring after June 1, 2016. And beginning in the spring of 2015, Chrome will show an error for sites with SHA-1 certificates expiring anytime in 2016. You can read more about these Chrome changes at the Google Chromium Blog.

Akamai will soon start offering SHA-2 based certificates using the SHA-2 hashing algorithm (specifically, SHA-256).

Akamai plans to automatically reissue all Akamai-managed SSL/TLS certificates using SHA-256 before Google Chrome starts warning users about outdated signatures. Customers with Akamai-managed certificates on an annual renewal cycle (single hostname, wildcard, or SAN certificates, issued by Verizon/Cybertrust or Symantec) do not need to take any action at this time. An opt-out mechanism will be provided for customers who wish to continue using SHA-1 based certificates.

For customers with Akamai-managed EV or EV SAN certificates that are valid into 2016, we will reach out to you to start early renewal or reissuance using SHA-2 in the next few months.

If you have a third-party certificate on the Akamai network, you can upgrade it to a SHA-2 certificate today. Simply contact customer care and note that you wish to reissue your third-party certificate. You will receive a CSR from your account team, just as you do for any other certificate modifications or renewals. While this CSR will use the SHA-1 signature hash, your CA will accept it and can use it to issue a SHA-2 certificate. The hash method used in the CSR is not connected to the hash method in certificates generated from that CSR. Return that SHA-2 certificate bundle to Akamai and we will replace your existing certificate with the new one. Please be sure to include any new intermediate certificates required by your CA.

(Perfect) Forward Secrecy
When browsers and other Internet clients open connections to web servers using HTTPS, the encrypted version of the standard HTTP protocol, the two sides negotiate and select a common encryption cipher used to secure their communications. Traditionally, these ciphers used in HTTPS connections have used the server's secret key to generate a session key for each communications session. That session key is then used to encrypt the traffic between client and the server.

Forward Secrecy (also known as PFS) enables a unique, ephemeral key to be used for each encrypted session. This means that if the server's secret key were to be compromised by a third-party, they would not be able to decrypt the traffic for prior communication sessions between clients and the server. The Electronic Frontier Foundation has a good overview of Forward Secrecy explaining what this technology does to secure Internet communications.

Later this year, and into early 2015, we will be upgrading most of our customers who are on the default cipher configuration to one that includes PFS ciphers in addition to the standard ciphers already in place. Modern web browsers and other clients will be able to take advantage of the increased security, while older clients will continue to connect using older (but still safe) ciphers. No configuration changes are needed in browsers or other clients to take advantage of PFS, or to enable backwards compatibility. Customers who would like to participate in our Limited Availability program, and enable PFS early, may do so today by contacting Customer Care. If you have a custom set of ciphers configured for your slots, we will make no changes to them.

Take a look at SSL Labs to see an analysis of a PFS-enabled Akamai site.

Updating Cipher Support
Akamai is also using this opportunity to disable certain older ciphers which are no longer used from our default cipher profile. Customers who have specified custom ciphers for their slots will see no changes.

Once the PFS upgrade is complete, these ciphers will be enabled (in this order): ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-GCM-SHA256, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-SHA384, ECDHE-ECDSA-AES256-SHA256, ECDHE-ECDSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, ECDHE-RSA-AES256-SHA, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES128-SHA, AES256-GCM-SHA384, AES128-GCM-SHA256, AES256-SHA256, AES128-SHA256, AES128-SHA, DES-CBC3-SHA.

These old ciphers will no longer be supported: RC4-SHA, IDEA-CBC-SHA, RC4-MD5, DES-CBC-SHA, EXP-DES-CBC-SHA, EXP-RC2-CBC-MD5, EXP-RC4-MD5.

Faster Forward
... to a more secure Internet. We have more enhancements planned for SSL/TLS in 2015 and look forward to sharing them with you soon. As always, if you have any questions or concerns, please reach out to your account team or Customer Care.

Leave a comment