
Solution ID : SO25587

SHA2 supported Browser and Server List

Solution

As of 2014, SHA-2 certificates (SHA256 and the SHA-2 family) are the recommended norm for SSL/TLS handshakes.

Please note, however, that although a browser or server may support SHA256 certificates, this does not mean the SSL/TLS handshake itself will use a SHA256 connection when a SHA256 certificate is installed. If the server and browsers are not configured to specifically use SHA256 session ciphers, the SSL/TLS handshake will not be SHA256. An example of a SHA256 cipher to be used is AES256-GCM.

At this stage we do not support enabling or disabling of ciphers. Please consult your server vendors for more information on enabling SHA256 on your server.
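The distinction above, between the hash that signs the certificate and the hash named by the negotiated session cipher, can be checked separately for each. The following Python sketch is an added example, not part of the original solution; the function names and the sample bytes are constructed for illustration.

```python
import re

# Signature-algorithm OIDs (DER content bytes) -> hash used to sign the certificate.
SIG_OIDS = {
    bytes.fromhex("2a864886f70d010105"): "SHA1",    # sha1WithRSAEncryption
    bytes.fromhex("2a864886f70d01010b"): "SHA256",  # sha256WithRSAEncryption
    bytes.fromhex("2a864886f70d01010c"): "SHA384",  # sha384WithRSAEncryption
    bytes.fromhex("2a8648ce3d040302"): "SHA256",    # ecdsa-with-SHA256
}

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, content_start, content_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def cert_signature_hash(der):
    """Hash named in Certificate.signatureAlgorithm (second field of the outer SEQUENCE)."""
    _, start, _ = _tlv(der, 0)             # outer Certificate SEQUENCE
    _, _, tbs_end = _tlv(der, start)       # skip tbsCertificate
    _, alg_start, _ = _tlv(der, tbs_end)   # AlgorithmIdentifier SEQUENCE
    tag, oid_start, oid_end = _tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("expected OID")
    return SIG_OIDS.get(der[oid_start:oid_end], "unknown")

def suite_hash(suite):
    """Hash named by an OpenSSL-style suite name: HMAC for CBC/RC4 suites, PRF hash for AEAD suites."""
    last = re.split(r"[-_]", suite.upper())[-1]
    return {"SHA": "SHA1", "MD5": "MD5", "SHA256": "SHA256", "SHA384": "SHA384"}.get(last, "unknown")

def audit(der, suite):
    """Report the certificate hash and the session hash side by side."""
    return {"certificate": cert_signature_hash(der), "session": suite_hash(suite)}

# Constructed skeleton, not a real certificate: empty tbsCertificate,
# AlgorithmIdentifier{sha256WithRSAEncryption, NULL}, empty BIT STRING.
SAMPLE_DER = bytes.fromhex("3014" "3000" "300d" "06092a864886f70d01010b" "0500" "030100")
```

On a live connection made with Python's `ssl` module, the inputs come from `getpeercert(binary_form=True)` and `cipher()[0]` on the connected socket; `audit(SAMPLE_DER, "AES256-SHA")` shows a SHA256 certificate served over a SHA1 session cipher.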

For a list of supported browsers and servers that accept SHA256 certificates according to the CA Security Council, please view the following:

OS, Browsers, and Servers which reportedly support SHA-256 in their entirety:

Operating Systems/Other – support SHA-256
Android 2.3+
Apple iOS 3.0+
Apple OS X 10.5+
Blackberry 5.0+
ChromeOS
Windows 7
Windows Outlook 2003+ running on Service Pack 3 (partial), complete on Windows Vista
Windows Phone 7+
Windows Vista
Windows XP SP3+ (patched)

Browsers – support SHA-256
Adobe Acrobat/Reader 7
Blackberry 5+
Chrome 26+
Chrome under Linux
Chrome under Mac from Mac OS X 10.5
Chrome under Windows Vista and higher
Firefox 1.5+
Internet Explorer 7+
Internet Explorer 7+ under Vista
Internet Explorer 6+ under Windows XP SP3 (patched)
Java 1.4.2+ based products
Konqueror 3.5.6+
Mozilla 1.4+
Mozilla products based on NSS 3.8+ (since April 2003)
Netscape 7.1+
Opera 9.0+
Products based on OpenSSL 0.9.8o+
Safari from Mac OS X 10.5+
Windows Phone 7+

Servers – support SHA-256
Apache server and OpenSSL 0.9.8o+
Apache 2.0.63+, OpenSSL 1.1.x
OpenSSL based servers - OpenSSL 0.9.8o+
Windows Server 2003+ with patch 938397
Windows Server 2003+ or XP client with patch 968730
Windows Server 2008+
Java based servers - 1.4.2+
Cisco ACE module software version A4(1.0)
Citrix Receiver models:
  Mac 11.8.2
  Windows 4.1 (std)
  Windows 3.4 (ent)
  Windows 8/RT (1.4)
  Windows Phone 8 (1.1)
Oracle WebLogic v10.3.1+ see bug8422724
Oracle Wallet Manager 11.2.0.3+
IBM HTTP Server 8.5 (with Lotus Domino 9+)
Juniper Secure Access - SA 6.4R5, 6.5R3, and 7.0R1 and later releases
WebSphere Application Server v8.0.0.4

Servers which reportedly DO NOT support SHA-256 in their entirety
Servers
Juniper SBR
IBM Domino
Citrix Receiver models – see URL*
  Linux 13.0
  IOS 5.8.3
  Android 3.4.13
  HTML 5 1.2
  Playbook 1.0
  Blackberry 2.2 / BlackBerry 1.0 Tech Preview
Cisco ACE module software versions A2 and A3

*Windows servers may require patch 938397. If using XP to connect to the server, patch 968730 may also be required.
For more information regarding SHA2 and Windows from Microsoft.  

Additionally, for SHA256 connections to be made, TLS 1.2 may need to be enabled on the system.

*Citrix Receiver models URL (see table)