{"id":2065,"date":"2016-01-06T15:03:53","date_gmt":"2016-01-06T23:03:53","guid":{"rendered":"https:\/\/blog.mozilla.org\/security\/?p=2065"},"modified":"2016-01-06T15:03:53","modified_gmt":"2016-01-06T23:03:53","slug":"man-in-the-middle-interfering-with-increased-security","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/security\/2016\/01\/06\/man-in-the-middle-interfering-with-increased-security\/","title":{"rendered":"Man-in-the-Middle Interfering with Increased Security"},"content":{"rendered":"<p>According to the plan we published earlier for <a href=\"https:\/\/blog.mozilla.org\/security\/2015\/10\/20\/continuing-to-phase-out-sha-1-certificates\/\">deprecating SHA-1<\/a>, on January 1, 2016, Firefox 43 began rejecting new certificates signed with the SHA-1 digest algorithm.\u00a0 For Firefox users with unfiltered access to the Internet, this change probably went unnoticed, since there simply aren\u2019t that many new SHA-1 certs being used.\u00a0 However, for Firefox users who are behind certain \u201c<a href=\"https:\/\/en.wikipedia.org\/wiki\/Man-in-the-middle_attack\">man-in-the-middle<\/a>\u201d devices (including some security scanners and antivirus products), this change removed their ability to access HTTPS web sites.\u00a0 When a user tries to connect to an HTTPS site, the man-in-the-middle device sends Firefox a new SHA-1 certificate instead of the server\u2019s real certificate.\u00a0 Since Firefox rejects new SHA-1 certificates, it can\u2019t connect to the server.<\/p>\n<h3>How to tell if you\u2019re affected<\/h3>\n<p>If you can access this article in Firefox, you\u2019re fine.\u00a0 If you\u2019re reading this in another browser, see if you can load <a href=\"https:\/\/blog.mozilla.org\/security\">the security blog<\/a> (or any other HTTPS link) in Firefox.\u00a0 Click \u201cAdvanced\u201d, and if you see the error code \u201cSEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED\u201d, then you\u2019re affected.<\/p>\n<h3>What to do if 
you\u2019re affected<\/h3>\n<p>The easiest thing to do is to install <a href=\"https:\/\/firefox.com\">the newest version of Firefox<\/a>.\u00a0 You will need to do this manually, using an unaffected copy of Firefox or a different browser, since we only provide Firefox updates over HTTPS.<\/p>\n<p>If you want to avoid reinstalling, advanced users can fix their local copy of Firefox by going to about:config and changing the value of \u201csecurity.pki.sha1_enforcement_level\u201d to 0 (which will accept all SHA-1 certificates).<\/p>\n<p>You should also make sure that any systems you have that might be doing man-in-the-middle are up to date, for example, some anti-virus software or security scanning devices.\u00a0 Some vendors have removed the use of SHA-1 in recent updates.<\/p>\n<h3>Commitment to deprecate SHA-1<\/h3>\n<p>We are still committed to removing support for SHA-1 certificates from Firefox.\u00a0 The latest version of Firefox re-enables support for SHA-1 certificates to ensure that we can get updates to users behind man-in-the-middle devices, and enable us to better evaluate how many users might be affected.\u00a0 Vendors of TLS man-in-the-middle systems should be working to update their products to use newer digest algorithms.<\/p>\n","protected":false},"author":998,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[69],"tags":[],"coauthors":[],"yoast_head_json":{"title":"Man-in-the-Middle Interfering with Increased Security - Mozilla Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/security\/2016\/01\/06\/man-in-the-middle-interfering-with-increased-security\/","twitter_misc":{"Written by":"Richard Barnes","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/security\/2016\/01\/06\/man-in-the-middle-interfering-with-increased-security\/","url":"https:\/\/blog.mozilla.org\/security\/2016\/01\/06\/man-in-the-middle-interfering-with-increased-security\/","name":"Man-in-the-Middle Interfering with Increased Security - Mozilla Security 
Blog","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/security\/#website"},"datePublished":"2016-01-06T23:03:53+00:00","dateModified":"2016-01-06T23:03:53+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/07606285eceef4058a743f3f8ec2e290"},"breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/security\/2016\/01\/06\/man-in-the-middle-interfering-with-increased-security\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/security\/2016\/01\/06\/man-in-the-middle-interfering-with-increased-security\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/security\/2016\/01\/06\/man-in-the-middle-interfering-with-increased-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/security\/"},{"@type":"ListItem","position":2,"name":"Man-in-the-Middle Interfering with Increased Security"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/security\/#website","url":"https:\/\/blog.mozilla.org\/security\/","name":"Mozilla Security Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/07606285eceef4058a743f3f8ec2e290","name":"Richard Barnes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/6070530fd061c73fde0bc242f38e16cb","url":"https:\/\/secure.gravatar.com\/avatar\/a8148a9fe438c0b63cd06d650c6104f3?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a8148a9fe438c0b63cd06d650c6104f3?s=96&d=identicon&r=g","caption":"Richard 
Barnes"}}]}}}