Created October 18, 2016 19:01
SHA-1 TLS deprecation timeline
Chrome 39 (released 2014-11-18):
Leaf certs expiring >= 2017-01-01 with SHA-1 sig in chain -> UI "secure, but with minor errors" [chrome-1]
Chrome 40 (released 2015-01-20):
Leaf certs expiring (2016-06-01 - 2016-12-31) with SHA-1 sig in chain -> UI "secure, but with minor errors";
Leaf certs expiring >= 2017-01-01 with SHA-1 sig in chain -> UI "neutral, lacking security" [chrome-1]
Chrome 42 (released 2015-04-14):
Leaf certs expiring (2016-01-01 - 2016-12-16) with SHA-1 sig in chain -> UI "secure, but with minor errors";
Leaf certs expiring >= 2017-01-01 with SHA-1 sig in chain -> UI "affirmatively insecure" [chrome-1][filippo]
Firefox 43 (released 2015-12-15):
Leaf certs issued >= 2016-01-01 with SHA-1 sig in chain -> skippable click-through error [moz-1]
Chrome 48 (released 2016-01-20):
Leaf certs issued >= 2016-01-01 with SHA-1 sig in chain and chains to public root CA -> skippable click-through error [chrome-2]
Chrome >48 (sometime in 2016):
Leaf certs with SHA-1 sig in chain and chains to public root CA -> unskippable fatal error [chrome-2]
Edge, IE, Windows - Summer 2016 (released 2016-07-24):
Leaf certs with SHA-1 sig in chain and chains to public root CA -> UI "no lock icon" [ms-3]
Firefox 51 (release ~2017-01; phased rollout starting 2016-11-07):
Leaf certs with SHA-1 sig in chain and chains to public root CA -> skippable click-through error [moz-2][kaply]
Edge, IE, Windows (2017-02-14):
"Windows will no longer trust certificates signed with SHA-1" [ms-1]
"both Edge and IE will block SHA-1 signed TLS certificates" [ms-3]

[chrome-1] https://security.googleblog.com/2014/09/gradually-sunsetting-sha-1.html
[chrome-2] https://security.googleblog.com/2015/12/an-update-on-sha-1-certificates-in.html
[cf] https://blog.cloudflare.com/sha-1-deprecation-no-browser-left-behind/
[filippo] https://blog.filippo.io/the-unofficial-chrome-sha1-faq/
[kaply] https://mike.kaply.com/2016/09/01/upcoming-changes-to-root-certificates-in-firefox-on-windows/
[moz-1] https://blog.mozilla.org/security/2015/10/20/continuing-to-phase-out-sha-1-certificates/
[moz-2] https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/
[ms-1] https://aka.ms/sha1
[ms-2] https://blogs.windows.com/msedgedev/2015/11/04/sha-1-deprecation-update/
[ms-3] https://blogs.windows.com/msedgedev/2016/04/29/sha1-deprecation-roadmap/