Solution ID : SO25587
As of 2014, SHA-2 certificates (SHA256 and the SHA-2 family) are the recommended norm for SSL/TLS handshakes.
Please note, however, that although a browser or server may support SHA256 certificates, this does not mean the SSL/TLS handshake itself will use a SHA256 connection when a SHA256 certificate is installed. If the server and browsers are not specifically configured to use SHA256 session ciphers, the SSL/TLS handshake will not be SHA256. An example of a SHA256 cipher to be used is AES256-GCM.
At this stage we do not support enabling or disabling of ciphers. Please consult your server vendors for more information on enabling SHA256 on your server.
For a list of browsers and servers that accept SHA256 certificates according to the CA Security Council, please view the following:
OS, Browsers, and Servers which reportedly support SHA-256 in their entirety:
Operating Systems/Other – support SHA-256
Apple iOS 3.0+
Apple OS X 10.5+
Windows Outlook 2003+ running on Service Pack 3 (partial), complete on Windows Vista
Windows Phone 7+
Windows XP SP3+ (patched)
Browsers – support SHA-256
Adobe Acrobat/Reader 7
Chrome under Linux
Chrome under Mac from Mac OS X 10.5
Chrome under Windows Vista and higher
Internet Explorer 7+ and higher
Internet Explorer 7+ under Vista
Internet Explorer 6+ under Windows XP SP3 (patched)
Java 1.4.2+ based products
Mozilla products based on NSS 3.8+ (since April 2003)
Products based on OpenSSL 0.9.8o+
Safari from Mac OS X 10.5+
Windows Phone 7+
Servers – support SHA-256
Apache server and OpenSSL 0.9.8o+
Apache 2.0.63+, OpenSSL 1.1.x
OpenSSL based servers - OpenSSL 0.9.8o+
Windows Server 2003+ with patch 938397
Windows Server 2003+ or XP client with patch 968730
Windows Server 2008+
Java based servers - 1.4.2+
Cisco ACE module software version A4(1.0)
Citrix Receiver models:
Windows 4.1 (std)
Windows 3.4 (ent)
Windows 8/RT (1.4)
Windows Phone 8 (1.1)
Oracle WebLogic v10.3.1+ see bug8422724
Oracle Wallet Manager 18.104.22.168+
IBM HTTP Server 8.5 (with Lotus Domino 9+)
Juniper Secure Access - SA 6.4R5, 6.5R3, and 7.0R1 and later releases.
WebSphere Application Server v22.214.171.124
Servers which reportedly DO NOT support SHA-256 in their entirety
Citrix Receiver models – see URL*
HTML 5 1.2
Blackberry 2.2 / BlackBerry 1.0 Tech Preview
Cisco ACE module software versions A2 and A3
*Windows servers may require the following patch: 938397. If using XP to connect to the server, the following patch may also be required: 968730.
For more information regarding SHA2 and Windows from Microsoft.
Additionally, for SHA256 connections to be made, TLS 1.2 may need to be enabled on the system.
*Citrix Receiver models URL (see table)
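The following is an added example, not part of the original article, illustrating the two points above: a SHA256 certificate does not by itself give a SHA256 session, and SHA256 session ciphers need TLS 1.2 enabled. It takes a certificate signature algorithm, an OpenSSL-style cipher list and the enabled protocol versions, and reports the certificate hash and the selectable session hashes separately. The function names and sample configurations are constructed for illustration; the article's AES256-GCM example is written AES256-GCM-SHA384 in OpenSSL naming.

```python
import re

# Trailing hash of an OpenSSL-style suite name: the HMAC for CBC/RC4 suites,
# the handshake PRF hash for AEAD (GCM) suites.
_SUFFIX = re.compile(r"[-_](SHA384|SHA256|SHA|MD5)$")
_NAMES = {"SHA": "SHA-1", "SHA256": "SHA-256", "SHA384": "SHA-384", "MD5": "MD5"}
_SHA2 = ("SHA-256", "SHA-384")


def suite_hash(suite):
    """Return the hash family named by a cipher suite."""
    if suite.endswith("CHACHA20-POLY1305"):
        return "SHA-256"  # OpenSSL omits the suffix for these TLS 1.2 suites
    match = _SUFFIX.search(suite)
    if match is None:
        raise ValueError("unrecognised cipher suite name: " + suite)
    return _NAMES[match.group(1)]


def negotiable(suite, protocols):
    """Can this suite be selected with the given enabled protocol versions?"""
    if suite.startswith("TLS_"):               # TLS 1.3 suite names
        return "TLSv1.3" in protocols
    if suite_hash(suite) in _SHA2:             # SHA-2 suites need TLS 1.2
        return "TLSv1.2" in protocols
    return bool(set(protocols) - {"TLSv1.3"})  # legacy suites: any pre-1.3 version


def audit(cert_sig_alg, cipher_list, protocols):
    """Report the certificate hash and the selectable session hashes separately."""
    usable = [s for s in cipher_list.split(":") if negotiable(s, protocols)]
    legacy = [s for s in usable if suite_hash(s) not in _SHA2]
    return {
        "cert_sha2": re.search(r"sha(256|384|512)", cert_sig_alg, re.I) is not None,
        "sha2_suites": [s for s in usable if s not in legacy],
        "legacy_suites": legacy,
        "session_always_sha2": bool(usable) and not legacy,
    }


# Constructed sample configurations (not taken from any real server).
CERT = "sha256WithRSAEncryption"
OLD_LIST = "AES256-SHA:AES128-SHA:DES-CBC3-SHA"
NEW_LIST = "ECDHE-RSA-AES256-GCM-SHA384:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA"

if __name__ == "__main__":
    print(audit(CERT, OLD_LIST, ["TLSv1", "TLSv1.1", "TLSv1.2"]))
    print(audit(CERT, NEW_LIST, ["TLSv1", "TLSv1.1"]))   # TLS 1.2 not enabled
    print(audit(CERT, NEW_LIST, ["TLSv1.2"]))
```

Which suite is actually negotiated also depends on what the client offers, so a non-empty legacy_suites list means a SHA-1 session remains possible, not that it will occur.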