
Solution ID : SO25585

SHA2 supported Browser and Server List

Solution

As of 2014, SHA-2 certificates (SHA256 and the rest of the SHA-2 family) are the recommended norm for SSL/TLS handshakes.

Please note, however, that although a browser or server may support SHA256 certificates, this does not mean the SSL/TLS handshake itself will use a SHA256 connection when a SHA256 certificate is installed. If the server and browsers are not configured to specifically use SHA256 session ciphers, the SSL/TLS handshake will not be SHA256. An example of a SHA256 cipher to be used is AES256-GCM.

At this stage we do not support enabling or disabling of ciphers. Please consult your server vendors for more information on enabling SHA256 on your server.

For a list of supported browsers and servers that accept SHA256 certificates according to the CA Security Council, please view the following:

OS, Browsers, and Servers which reportedly support SHA-256 in their entirety:

Operating Systems/Other – support SHA-256
Android 2.3+
Apple iOS 3.0+
Apple OS X 10.5+
Blackberry 5.0+
ChromeOS
Windows 7
Windows Outlook 2003+ running on Service Pack 3 (partial), complete on Windows Vista
Windows Phone 7+
Windows Vista
Windows XP SP3+ (patched)

Browsers – support SHA-256
Adobe Acrobat/Reader 7
Blackberry 5+
Chrome 26+
Chrome under Linux
Chrome under Mac from Mac OS X 10.5
Chrome under Windows Vista and higher
Firefox 1.5+
Internet Explorer 7+
Internet Explorer 7+ under Vista
Internet Explorer 6+ under Windows XP SP3 (patched)
Java 1.4.2+ based products
Konqueror 3.5.6+
Mozilla 1.4+
Mozilla products based on NSS 3.8+ (since April 2003)
Netscape 7.1+
Opera 9.0+
Products based on OpenSSL 0.9.8o+
Safari from Mac OS X 10.5+
Windows Phone 7+

Servers – support SHA-256
Apache server and OpenSSL 0.9.8o+
Apache 2.0.63+, OpenSSL 1.1.x
OpenSSL based servers - OpenSSL 0.9.8o+
Windows Server 2003+ with patch 938397
Windows Server 2003+ or XP client with patch 968730
Windows Server 2008+
Java based servers - 1.4.2+
Cisco ACE module software version A4(1.0)
Citrix Receiver models:
  Mac 11.8.2
  Windows 4.1 (std)
  Windows 3.4 (ent)
  Windows 8/RT (1.4)
  Windows Phone 8 (1.1)
Oracle WebLogic v10.3.1+ (see bug8422724)
Oracle Wallet Manager 11.2.0.3+
IBM HTTP Server 8.5 (with Lotus Domino 9+)
Juniper Secure Access - SA 6.4R5, 6.5R3, and 7.0R1 and later releases
Websphere application Server v8.0.0.4

 

Servers which reportedly DO NOT support SHA-256 in their entirety
Servers
Juniper SBR
IBM Domino
Citrix Receiver models – see URL*:
  Linux 13.0
  iOS 5.8.3
  Android 3.4.13
  HTML 5 1.2
  Playbook 1.0
  Blackberry 2.2 / BlackBerry 1.0 Tech Preview
Cisco ACE module software versions A2 and A3

*Windows servers may require a patch from Microsoft to support the SHA-256 signature algorithm.
For more information, visit the Microsoft web site.

Additionally, for SHA256 connections to be made, TLS 1.2 may need to be enabled on the system.
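The distinction drawn in the Solution text between a SHA256 certificate and a SHA256 session cipher, together with the TLS 1.2 note above, can be checked per session. The following is an added example, not part of the original article or any vendor tool: it derives the session hash from an OpenSSL-style cipher suite name and compares it with the certificate's signature algorithm. The function names and the sample sessions are constructed for illustration.

```python
import ssl
from collections import defaultdict

# Last token of an OpenSSL suite name -> hash used inside the session
# (HMAC for CBC suites, PRF hash for AEAD suites).
TOKEN_HASH = {"MD5": "MD5", "SHA": "SHA-1", "SHA256": "SHA-256",
              "SHA384": "SHA-384",
              "POLY1305": "SHA-256"}  # TLS 1.2 ChaCha20 suites use a SHA-256 PRF
SHA2 = {"SHA-256", "SHA-384"}
PRE_TLS12 = {"SSLv3", "TLSv1", "TLSv1.1"}

def suite_hash(name):
    """Return the session hash implied by a cipher-suite name."""
    token = name.replace("_", "-").rsplit("-", 1)[-1].upper()
    return TOKEN_HASH.get(token, "unknown")

def review(cert_sig_alg, suite, protocol):
    """List findings for one session: certificate hash vs. session hash."""
    findings = []
    if not any(h in cert_sig_alg.lower() for h in ("sha256", "sha384", "sha512")):
        findings.append(f"certificate signed with {cert_sig_alg}, not SHA-2")
    if suite_hash(suite) not in SHA2:
        findings.append(f"suite {suite} uses {suite_hash(suite)}, not SHA-2")
        if protocol in PRE_TLS12:
            findings.append(f"{protocol} negotiated; SHA-2 suites need TLS 1.2 or later")
    return findings

def local_suites_by_hash():
    """Group the suites this machine's default client context offers."""
    groups = defaultdict(list)
    for cipher in ssl.create_default_context().get_ciphers():
        groups[suite_hash(cipher["name"])].append(cipher["name"])
    return dict(groups)

# Constructed sample sessions: (certificate signature algorithm, suite, protocol)
SESSIONS = [
    ("sha256WithRSAEncryption", "AES256-SHA", "TLSv1"),
    ("sha256WithRSAEncryption", "ECDHE-RSA-AES256-GCM-SHA384", "TLSv1.2"),
    ("sha1WithRSAEncryption", "ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2"),
]

if __name__ == "__main__":
    for cert, suite, proto in SESSIONS:
        print(suite, proto, review(cert, suite, proto) or "SHA-2 certificate and session")
    for digest, names in sorted(local_suites_by_hash().items()):
        print(digest, len(names), "suites enabled locally")
```

The first sample session shows the case the article warns about: a SHA256 certificate served over a session whose suite still uses SHA-1.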

*Citrix Receiver models URL (see table):