IE/Edge Users must receive warning when sites use SHA-1 signed certificates

Fixed, not yet flighted Issue #6842714

Details

Created
Mar 11, 2016
Privacy
This issue is public.
Reports
Reported by 0 people

Sign in to watch or report this issue.

Steps to reproduce

URL:

Repro Steps:

Browse https://badssl.com/ and go to either links:

https://sha1-2016.badssl.com/

https://sha1-2017.badssl.com/

Expected Results:

  1. The lock icon should indicate that the security configuration is weak

OR

  1. Show the usual security certificate warning like:

There is a problem with this website’s security certificate.

The security certificate presented by this website has expired or is not yet valid.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

We recommend that you close this webpage and do not continue to this website.

Recommended iconClick here to close this webpage.

Not recommended iconContinue to this website (not recommended).
More information More information

Actual Results:

Dev Channel specific:

No

Attachments

0 attachments

    Comments and activity

    • Microsoft Edge Team

      Changed Assigned To to “Kamen M.”

      Changed Assigned To to “Venkat K.”

      Changed Assigned To from “Venkat K.” to “Alec O.”

      Changed Status to “Confirmed”

      Changed Assigned To from “Alec O.” to “IE S.”

      Changed Status from “Confirmed” to “Fixed, not yet flighted”

    • Hello,

      Thank you for providing this information about the issue. We are pleased to report this feature is fixed in Edge 14393 and is available in our latest public stable build.

      Best Wishes,
      The MS Edge Team

    You need to sign in to your Microsoft account to add a comment.

    Sign in