SHA2 supported Browser and Server List

Solution ID:    SO25585    Updated:    07/22/2015

Solution

As of 2014 SHA-2 certificates (SHA256 and SHA-2 family) is the recommended norm for SSL/TLS handshakes. 

Please note however that although a browser or server may support SHA256 certificates it does not mean the SSL/TLS handshake itself will be usng a SHA256 connection when a SHA256 certificate is installed. If the server and browsers are not configured to specifically use SHA256 session ciphers the SSL/TLS handshake will not be SHA256. An example of a SHA256 cipher to be used is AES256-GCM.

At this stage we do not support enabling or disabling of ciphers. Please consult your server vendors for more information on enabling SHA256 on your server.

For a list of supported browsers and server that accept SHA256 certificates according to CA Security Council, please view the following:

OS, Browsers, and Servers which reportedly support SHA-256 in their entirety:

Operating Systems/Other – support SHA-256
Android 2.3+
Apple iOS 3.0+
Apple OS X 10.5+
Blackberry 5.0+
ChromeOS
Windows 7
Windows Outlook 2003+ running on Service Pack 3 (partial), complete on Windows Vista
Windows Phone 7+
Windows Vista
Windows XP SP3+ (patched)

Browsers – support SHA-256
Adobe Acrobat/Reader 7
Blackberry 5+
Chrome 26+
Chrome under Linux
Chrome under Mac from Mac OS X 10.5
Chrome under Windows Vista and higher
Firefox 1.5+
Internet Explorer 7+ and higher
Internet Explorer 7+ under Vista
Internet Explorer 6+ under Windows XP SP3 (patched)
Java 1.4.2+ based products
Konqueror 3.5.6+
Mozilla 1.4+
Mozilla products based on NSS 3.8+ (since April 2003)
Netscape 7.1+
Opera 9.0+
Products based on OpenSSL 0.9.8o+
Safari from Mac OS X 10.5+
Windows Phone 7+

Servers – support SHA-256
Apache server and OpenSSL 0.9.8o+
Apache 2.0.63+ , OpenSSL 1.1.x 
OpenSSL based servers - OpenSSL 0.9.8o+
Windows Server 2003+ with patch 938397
Windows Server 2003+ or XP client with patch 968730
Windows Server 2008+
Java based servers - 1.4.2+
Cisco ACE module software version A4(1.0)
Citrix Receiver models:
  Mac 11.8.2
  Windows 4.1 (std)
  Windows 3.4 (ent)
  Windows 8/RT (1.4)
  Windows Phone 8 (1.1)Citrix Receiver models:
Oracle WebLogic v10.3.1+ see bug8422724
Oracle Wallet Manager 11.2.0.3+
IBM HTTP Server 8.5 (with Lotus Domino  9+)
Juniper Secure Access -  SA 6.4R5, 6.5R3, and 7.0R1 and later releases. 
Websphere application Server v8.0.0.4

 

Servers which reportedly DO NOT support SHA-256 in their entirety
Servers
Juniper SBR
IBM Domino
Citrix Receiver models – see URL*
Linux 13.0
IOS 5.8.3
Android 3.4.13
HTML 5 1.2
Playbook 1.0
Blackberry 2.2 / BlackBerry 1.0 Tech Preview
Cisco ACE module software versions A2 and A3

*Windows servers may require a patch from Microsoft to support SHA-256 signature algorithm.
For more information visit Microsoft web site.

Additionally for SHA256 connections to be made, TLS1.2 may need to be enabled on the system. 

*Citrix Receiver models URL (see table):
 

Disclaimer:

Thawte has made efforts to ensure the accuracy and completeness of the information in this document. However, Thawte makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. Thawte assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document. Further, Thawte assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. Thawte reserves the right to make changes to any information herein without further notice.  

Find Answers


Search Tips