Solution ID : SO25585
As of 2014, SHA-2 certificates (SHA256 and the SHA-2 family) are the recommended norm for SSL/TLS handshakes.
Please note, however, that although a browser or server may support SHA256 certificates, this does not mean the SSL/TLS handshake itself will use a SHA256 connection when a SHA256 certificate is installed. If the server and browsers are not configured to specifically use SHA256 session ciphers, the SSL/TLS handshake will not be SHA256. An example of a SHA256 cipher to be used is AES256-GCM.
At this stage we do not support enabling or disabling of ciphers. Please consult your server vendors for more information on enabling SHA256 on your server.
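The distinction above, as an added example that is not part of the original solution: the certificate's signature hash and the hash named by the negotiated session cipher are reported separately, together with the TLS version. The function names and sample handshakes are constructed for illustration; `negotiated()` uses the standard `ssl` module and needs network access.

```python
import socket
import ssl

def suite_hash(name):
    """Hash named in an OpenSSL- or IANA-style suite name (HMAC or PRF hash)."""
    parts = name.upper().replace("_", "-").split("-")
    if parts[-1] in ("SHA256", "SHA384"):
        return parts[-1]
    if parts[-1] == "SHA":
        return "SHA1"
    if parts[-1] == "MD5":
        return "MD5"
    if parts[-2:] == ["CHACHA20", "POLY1305"]:
        return "SHA256"  # OpenSSL omits the hash in this name; the suite uses SHA-256
    return "unknown"

def audit(cert_sig_alg, suite, version):
    """Report the certificate hash and the session hash as separate findings."""
    session = suite_hash(suite)
    return {
        "cert_sha2": any(h in cert_sig_alg.lower() for h in ("sha256", "sha384", "sha512")),
        "session_hash": session,
        "session_sha2": session in ("SHA256", "SHA384"),
        "tls12_or_later": version in ("TLSv1.2", "TLSv1.3"),
    }

def negotiated(host, port=443):
    """Live lookup (needs network): suite and version this client agreed with host."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.cipher()[0], tls.version()

# Constructed samples: (certificate signature algorithm, suite, TLS version).
SAMPLES = [
    ("sha256WithRSAEncryption", "ECDHE-RSA-AES256-GCM-SHA384", "TLSv1.2"),
    ("sha256WithRSAEncryption", "AES256-SHA", "TLSv1"),
    ("sha1WithRSAEncryption", "ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2"),
]

if __name__ == "__main__":
    for sig, suite, version in SAMPLES:
        print(f"{sig:26} {suite:30}", audit(sig, suite, version))
```

The second sample is the case the solution warns about: a SHA256 certificate is installed, but the session itself runs on a SHA-1 cipher over a pre-TLS 1.2 protocol.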
For a list of supported browsers and servers that accept SHA256 certificates according to the CA Security Council, please view the following:
OS, Browsers, and Servers which reportedly support SHA-256 in their entirety:
Operating Systems/Other – support SHA-256
Apple iOS 3.0+
Apple OS X 10.5+
Windows Outlook 2003+ running on Service Pack 3 (partial), complete on Windows Vista
Windows Phone 7+
Windows XP SP3+ (patched)
Browsers – support SHA-256
Adobe Acrobat/Reader 7
Chrome under Linux
Chrome under Mac from Mac OS X 10.5
Chrome under Windows Vista and higher
Internet Explorer 7+ and higher
Internet Explorer 7+ under Vista
Internet Explorer 6+ under Windows XP SP3 (patched)
Java 1.4.2+ based products
Mozilla products based on NSS 3.8+ (since April 2003)
Products based on OpenSSL 0.9.8o+
Safari from Mac OS X 10.5+
Windows Phone 7+
Servers – support SHA-256
Apache server and OpenSSL 0.9.8o+
Apache 2.0.63+, OpenSSL 1.1.x
OpenSSL based servers - OpenSSL 0.9.8o+
Windows Server 2003+ with patch 938397
Windows Server 2003+ or XP client with patch 968730
Windows Server 2008+
Java based servers - 1.4.2+
Cisco ACE module software version A4(1.0)
Citrix Receiver models:
Windows 4.1 (std)
Windows 3.4 (ent)
Windows 8/RT (1.4)
Windows Phone 8 (1.1)
Oracle WebLogic v10.3.1+ see bug8422724
Oracle Wallet Manager 184.108.40.206+
IBM HTTP Server 8.5 (with Lotus Domino 9+)
Juniper Secure Access - SA 6.4R5, 6.5R3, and 7.0R1 and later releases.
WebSphere Application Server v220.127.116.11
Servers which reportedly DO NOT support SHA-256 in their entirety
Citrix Receiver models – see URL*
HTML 5 1.2
Blackberry 2.2 / BlackBerry 1.0 Tech Preview
Cisco ACE module software versions A2 and A3
*Windows servers may require a patch from Microsoft to support the SHA-256 signature algorithm.
For more information, visit the Microsoft web site.
Additionally, for SHA256 connections to be made, TLS 1.2 may need to be enabled on the system.
*Citrix Receiver models URL (see table):