Ask a Question

Advanced Search

Solution ID : SO25586

Last Modified : 05/21/2018

SHA2 supported Browser and Server List


The National Institute of Standards and Technology (NIST) has determined that the SHA-128 algorithm (SHA-1) cryptographic algorithm could be vulnerable to attacks in the near future. Symantec is committed to the security of all of its products, partners, and customers. As such, SHA-2 certificates (SHA256 and SHA-2 family) is the recommended norm for SSL/TLS handshakes. 

Although a browser, server, platform, or infrastructure claims to support SHA256 certificates, it is possible for the SSL/TLS handshakes to attempt a non-SHA256 connection. Symantec may reject these connections and recommends configuring settings to specifically use SHA256 session ciphers. For example, a SHA256 cipher available is AES256-GCM.

Please consult your server vendors for more information on enabling SHA256 in your environment. For a list of supported browsers, operating systems, and servers that support SHA-256 Hashes in SSL Certificates, refer to this page: CA Security Council. This following is quoted from this link:

OS, Browsers, and Servers which reportedly support SHA-256 in their entirety:

Operating Systems/Other – support SHA-256
Android 2.3+
Apple iOS 3.0+
Apple OS X 10.5+
Blackberry 5.0+
Windows 7
Windows Outlook 2003+ running on Service Pack 3 (partial), complete on Windows Vista
Windows Phone 7+
Windows Server 2003 SP2 +Hotfixes (Partial)
Windows Server 2003 with MS13-095 installed
Windows Server 2008 Windows Server 2008 R2 Windows Vista Windows XP SP3+

Browsers – support SHA-256
Adobe Acrobat/Reader 7
Blackberry 5+
Chrome 26+
Chrome under Linux
Chrome under Mac from Mac OS X 10.5
Chrome under Windows Vista and higher
Firefox 1.5+
Internet Explorer 7+ and higher
Internet Explorer 7+ under Vista
Internet Explorer 6+ under Windows XP SP3 (patched)
Java 1.4.2+ based products
Konqueror 3.5.6+
Mozilla 1.4+
Mozilla products based on NSS 3.8+ (since April 2003)
Netscape 7.1+
Opera 9.0+
Products based on OpenSSL 0.9.8o+
Safari from Mac OS X 10.5+
Windows Phone 7+

Servers – support SHA-256
Apache server and OpenSSL 0.9.8o+
Apache 2.0.63+ , OpenSSL 1.1.x
OpenSSL based servers - OpenSSL 0.9.8o+
Windows Server 2003+ with patch 938397
Windows Server 2003+ or XP client with patch 968730
Windows Server 2008+
Java based servers - 1.4.2+
Cisco ACE module software version A4(1.0)
Citrix Receiver models:
  Mac 11.8.2
  Windows 4.1 (std)
  Windows 3.4 (ent)
  Windows 8/RT (1.4)
  Windows Phone 8 (1.1)Citrix Receiver models:
Oracle WebLogic v10.3.1+ see bug8422724
Oracle Wallet Manager
IBM HTTP Server 8.5 (with Lotus Domino  9+)
Juniper Secure Access -  SA 6.4R5, 6.5R3, and 7.0R1 and later releases.
Websphere application Server v8.0.0.4

Servers which reportedly DO NOT support SHA-256 in their entirety

Juniper SBR
IBM Domino
Citrix Receiver models – see URL*
Linux 13.0
IOS 5.8.3
Android 3.4.13
HTML 5 1.2
Playbook 1.0
Blackberry 2.2 / BlackBerry 1.0 Tech Preview
Cisco ACE module software versions A2 and A3


*Citrix Receiver models URL (see table)