Trustzone

SHA2 Compatibility


Certificates issued with the SHA256 hashing algorithm are supported by most modern operating systems. Some older systems support only hashing algorithms such as MD5 or SHA1, not the more secure SHA2. As a general rule, SHA256 is supported on OS X 10.5+ and Windows XP SP3+.

There are some use cases where SHA256 is not supported. Read below for minimum version requirements as well as finer compatibility detail and exceptions.

OS, BROWSER AND SERVER SUPPORT

| OS | MINIMUM OS VERSION (SSL) | MINIMUM OS VERSION (CLIENT) |
| --- | --- | --- |
| Apple OS X | 10.5+ | 10.5+ |
| Apple iOS | 3.0+ | 3.0+ |
| Android | 2.3+ | 2.3+ |
| Blackberry | 5.0+ | 5.0+ |
| ChromeOS | | |
| Windows [1] [2] | XP SP3+ | XP SP3+ (Partial) |
| Windows Phone | 7+ | 7+ |
| Windows Server | 2003 SP2 +Hotfixes (Partial) | 2003 SP2 +Hotfixes (Partial) |
     
 
| BROWSER | MINIMUM BROWSER VERSION |
| --- | --- |
| Chrome | 26+ |
| Firefox | 1.5+ |
| Internet Explorer | 6+ (With XP SP3+) |
| Konqueror | 3.5.6+ |
| Mozilla | 1.4+ |
| Netscape | 7.1+ |
| Opera | 9.0+ |
| Safari | 3+ (Ships with OS X 10.5) |
 
| SERVER | MINIMUM SERVER VERSION |
| --- | --- |
| Apache Server | 2.0.63+ w/ OpenSSL 0.9.8o+ |
| Citrix Receiver | Varies - See PDF (FIPS 140 & SHA2 Line) |
| IBM Domino Server [9] | SHA2 Not Supported |
| IBM HTTP Server [10] | 8.5 (Bundled with Domino 9) |
| Java based products | Java 1.4.2+ |
| Mozilla NSS Based Products | 3.8+ |
| OpenSSL based products [3] | OpenSSL 0.9.8o+ |
| Oracle Weblogic | 10.3.1+ |

DETAILED OPERATING SYSTEM SUPPORT
 
SSL CERTIFICATES (CLIENT SIDE)   
SSL CERTIFICATES (SERVER SIDE)  
S/MIME
CODE SIGNING
Windows XP (SP1, SP2) N/A
Windows XP SP3 N/A Partial Partial
Windows Vista N/A Partial
Windows 7 N/A Partial
Windows 8 N/A
         
Windows Server 2003, SP1, SP2
Windows Server 2003 SP1 & SP2 w/ KB 938397   N/A
Windows Server 2003 SP2 w/ KB 968730 Partial N/A
Windows Server 2008 & 2008 R2 Partial
Windows Server 2012 & 2012 R2
         
Windows Phone 5 N/A N/A
Windows Phone 6 N/A N/A
Windows Phone 7 N/A N/A
Windows Phone 8 N/A N/A

Install KB 938397 on Windows Server 2003 to enable the same SHA2 compatibility as Windows XP SP3.
Install KB 968730 on XP SP3 or Server 2003 to fix an issue when authenticating to a 2008 server using SHA2.

EMAIL CLIENTS
 
VERIFY SHA1 SIGNED EMAIL  
VERIFY SHA256 SIGNED EMAIL  
SEND SHA1 SIGNED EMAIL  
SEND SHA256 SIGNED EMAIL
Mozilla Thunderbird 24 on XP SP3 N/A [4]
IBM Notes 8 [8]
IBM Notes 9 [8]
Outlook 2003 / 2007 on XP SP3 [1] [2]
Outlook 2007 on Windows 7 [1] [2]

Set Outlook Hash Algorithm to SHA1

Outlook 2003: Tools > Options > Settings > Security > Settings > Hash Algorithm > SHA1

Outlook 2007, 2010, 2013: File > Options > Trust Center > Trust Center Settings > E-Mail Security > Settings > Hash Algorithm > SHA1

WORD PROCESSORS 
 
VERIFY SHA1 SIGNED DOCUMENT
VERIFY SHA256 SIGNED DOCUMENT
PLACE SHA1 SIGNATURE WITH SHA256 CERTIFICATE
PLACE SHA256 SIGNATURE WITH SHA256 CERTIFICATE

Word 2003 & 2007 on XP SP3 [7]

N/A
LibreOffice Writer 4.2 on XP SP3 [7] N/A N/A

CODE SIGNING
 
EXECUTABLES  
KERNEL DRIVERS  
VBA MACROS: OFFICE 2003, 2007, 2010  
VBA MACROS: OFFICE 2013
Windows XP (SP1, SP2)   N/A
Windows XP SP3 N/A
Windows Vista N/A
Windows 7
Windows 8

SAFENET iKEY / eTOKEN COMPATIBILITY
 
WORKS WITH SHA2 CERTIFICATE  
PLACE SHA1 SIGNATURE  
PLACE SHA2 SIGNATURE
iKey 4000 [5]
eToken 5100 [6]

MAINFRAME

| MAINFRAME | MINIMUM VERSION REQUIRED |
| --- | --- |
| IBM z/OS [11] | v1r10 |

SERVICES

| SERVICE | NOTES |
| --- | --- |
| Belgian Online Government Services | No SHA2 Support. Issue PersonalSign3 as SHA1 |
| FDA ESG | Works with SHA2 |
| FDA Encrypted email | FDA S/MIME firewall cannot handle SHA2 |

SOURCES

[1] SHA2 and Windows
[2] Common questions about SHA2 and Windows
[3] OpenSSL Changelog
[4] Bug 222179 - User preferences should control ciphers used when sending encrypted S/MIME messages
[5] iKey 4000 Specifications
[6] eToken 5100 Specifications
[7] Verified In-House
[8] IBM Notes SHA2 Support
[9] IBM Domino - No SHA2
[10] IBM HTTP Server
[11] IBM z/OS