Security News > 2020 > August > Microsoft reprieves SHA-1 deprecation in Edge 85 security baseline

Microsoft has published a new security baseline for Microsoft Edge and one of the new rules is titled "Allow certificates signed using SHA-1 when issued by local trust anchors."

Which may surprise some readers seeing as the United States National Institute of Standards and Technology deprecated SHA-1 in 2011 and Microsoft banished it from its Internet Explorer and Edge browsers in 2017.

"Microsoft Edge forbids certificates signed using SHA-1 by default, and the security baseline is enforcing this to ensure Enterprises recognize that allowing SHA-1 chains is not a secure configuration," wrote Microsoft security chap Rick Munck.

The new baseline for Edge 85 also adds a policy titled "Define a list of protocols that can launch an external application from listed origins without prompting the user" that will mean users will be given an option to always allow browsers to spawn local apps.

Microsoft rates its full list of Edge policies a 313-minute read. But we've all got time on our hands right now so why not jump in? .

News URL

https://go.theregister.com/feed/www.theregister.com/2020/08/31/microsoft_edge_sha_1_revival/