Apple Drops Support for SHA-1 Certificates in macOS Catalina and iOS 13

In a new support document, Apple has indicated that macOS Catalina and iOS 13 drop support for TLS certificates signed with the SHA-1 hash algorithm, which is now considered to be insecure. SHA-2 is now required at a minimum.

macos catalina safari
Apple says all TLS server certificates must comply with these new security requirements in macOS Catalina and iOS 13:

  • TLS server certificates and issuing CAs using RSA keys must use key sizes greater than or equal to 2048 bits. Certificates using RSA key sizes smaller than 2048 bits are no longer trusted for TLS.

  • TLS server certificates and issuing CAs must use a hash algorithm from the SHA-2 family in the signature algorithm. SHA-1 signed certificates are no longer trusted for TLS.

  • TLS server certificates must present the DNS name of the server in the Subject Alternative Name extension of the certificate. DNS names in the CommonName of a certificate are no longer trusted.

Effective immediately, any connections to TLS servers violating these new requirements will fail and may cause network failures, apps to fail, and websites to not load in Safari in macOS Catalina and iOS 13, according to Apple.

Google, Microsoft, and Mozilla all deprecated SHA-1 certificates in 2017.

Tags: Safari, SHA-1
Related Forums: iOS 13, macOS Catalina

Popular Stories

maxresdefault

Everything Apple Announced at WWDC 2025 in 10 Minutes

Monday June 9, 2025 5:21 pm PDT by
At today's WWDC 2025 keynote event, Apple unveiled a new design that will inform the next decade of iOS, iPadOS, and macOS development, so needless to say, it was a busy day. Apple also unveiled a ton of new features for the iPhone, an overhauled Spotlight interface for the Mac, and a ton of updates that make the iPad more like a Mac than ever before. Subscribe to the MacRumors YouTube channel ...
iPadOS 26 Apple Newsroom

Apple Says iPadOS 26 is Compatible With These iPad Models

Monday June 9, 2025 11:22 am PDT by
Apple today announced that iPadOS 26 will be compatible with the iPad models listed below. iPadOS 26 features a new Liquid Glass design, a menu bar, improved app windowing, and more. iPadOS 26 supports the following iPad models:iPad Pro (M4) iPad Pro 12.9-inch (3rd generation and later) iPad Pro 11-inch (1st generation and later) iPad Air (M2 and later) iPad Air (3rd generation and...
apple beta 26 lineup

Apple 'Sherlocked' These Apps at WWDC 2025

Wednesday June 11, 2025 7:14 am PDT by
Apple at WWDC previewed a bunch of new features coming in its updated operating systems, but certain changes will have been met with dismay by third-party developers who already offer apps with equivalent or similar features. In other words, their product has been "sherlocked" by Apple. When Apple creates an app or a feature that has functionality found in a third-party app, it is referred...
iPhone Car Key WWDC 2025

Apple Says These 13 Vehicle Brands Will Soon Offer iPhone Car Keys

Monday June 9, 2025 2:38 pm PDT by
In 2020, Apple added a digital car key feature to its Wallet app, allowing users to lock, unlock, and start a compatible vehicle with an iPhone or Apple Watch. The feature is currently offered by select automakers, including Audi, BMW, Hyundai, Kia, Genesis, Mercedes-Benz, Volvo, and a handful of others, and it is set to expand further. During its WWDC 2025 keynote today, Apple said that 13...
iOS 26 on Three iPhones

iOS 26 Includes These 100 New Features and Changes for Your iPhone

Tuesday June 10, 2025 11:59 am PDT by
Apple has announced iOS 26, and the upcoming software update includes a long list of new features and changes for iPhones. The first iOS 26 developer beta is now available, and a public beta will follow next month. The update will be released later this year. iOS 26 is compatible with the iPhone 11 and newer. Below, we have provided a high-level overview of 100 new features and changes ...
iOS 26 on Three iPhones

Hate iOS 26's Liquid Glass Design? Here's How to Tone It Down

Wednesday June 11, 2025 4:22 pm PDT by
iOS 26 features a whole new design material that Apple calls Liquid Glass, with a focus on transparency that lets the content on your display shine through the controls. If you're not a fan of the look, or are having trouble with readability, there is a step that you can take to make things more opaque without entirely losing out on the new look. Apple has multiple Accessibility options that ...
iphone 16 pro models 1

17 Reasons to Wait for the iPhone 17

Thursday June 12, 2025 8:58 am PDT by
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models simultaneously, which is why we often get rumored features months ahead of launch. The iPhone 17 series is no different, and we already have a good idea of what to expect from Apple's 2025 smartphone lineup. If you skipped the iPhone...
iOS 26 Screens

Here Are All the iOS 26 Features That Require iPhone 15 Pro or Newer

Thursday June 12, 2025 4:53 am PDT by
With iOS 26, Apple has introduced some major changes to the iPhone experience, headlined by the new Liquid Glass redesign that's available across all compatible devices. However, several of the update's features are exclusive to iPhone 15 Pro and iPhone 16 models, since they rely on Apple Intelligence. The following features are powered by on-device large language models and machine...

Top Rated Comments

Sasparilla Avatar
79 months ago
Nice to see them doing this.

Planned obsolescence...smh...
For an insecure encryption algorithm? I would hope they'd deprecate it (following Google, Firefox etc.).
Score: 17 Votes (Like | Disagree)
SteveOfTheStow Avatar
79 months ago
For an insecure encryption algorithm? I would hope they'd deprecate it (following Google, Firefox etc.).
There was an implicit /s in vicviper789's post ;)
Score: 5 Votes (Like | Disagree)
keysofanxiety Avatar
79 months ago
Planned obsolescence...smh...
I know, it's a disgrace. Little known fact: very few websites work well on Netscape Navigator either :mad:
Score: 5 Votes (Like | Disagree)
Soba Avatar
79 months ago
Planned obsolescence...smh...
I get your point and share the frustration, but it's not warranted in this case.

Encryption algorithms have shelf lives, more or less. Weaknesses are periodically discovered that make them vulnerable to cracking or workarounds, as in this case. Generally these problems cannot be fixed in the way ordinary software is patched because the problems are not specific to any vendor and are simply fundamental flaws in the encryption mechanism; the only solution is abandonment of the encryption method and moving on to safer methods.

SHA-1 is over 25 years old and has been known to have problems since at least 2005. Deprecating encryption methods that are known to be too weak or vulnerable is the right thing to do, and if anything, this move is long overdue.
[doublepost=1559832487][/doublepost]
I know, it's a disgrace. Little known fact: very few websites work well on Netscape Navigator either :mad:
I miss Netscape. ;)

I have to laugh at the 40-bit encryption we used in the late 90s (32-bit in some parts of the world). It wasn't thought overly safe even at the time, but that seems just silly, today.
Score: 4 Votes (Like | Disagree)
darngooddesign Avatar
79 months ago
There was an implicit /s in vicviper789's post ;)
It’s impossible to tell if someone is being sincere or sarcastic on the internet; which is why we have ‘/s’.
Score: 4 Votes (Like | Disagree)
vicviper789 Avatar
79 months ago
Planned obsolescence...smh...
Score: 2 Votes (Like | Disagree)