Duo is joining Google and the CA/Browser Forum in proactively migrating away from SHA-1 SSL certificates to the secure SHA-2 algorithm. More details and resources on the weaknesses of the SHA-1 algorithm are available at the end of this document.
As the security of our two-factor authentication service is of utmost importance, the Duo cloud service will switch over to SHA-2 SSL certificates on January 5th, 2015.
Migrating the Duo cloud service from SHA-1 to SHA-2 may have an impact on Duo applications, end user browsers, or end user mobile devices that utilize legacy versions of SSL libraries that do not support the SHA-2 algorithm in certificates. Affected applications or users may be unable to connect and authenticate to Duo’s cloud service.
While the vast majority of our customers will be unaffected by this migration, we still recommend reviewing the affected platforms below to ensure you meet the minimum required versions.
If you have any questions about this migration, please contact our support team!
The migration to SHA-2 certificates may affect both your applications (eg. systems and services protected by Duo) and your end users (eg. the systems your users use to log in to Duo-protected systems and services). Affected applications or users may be unable to connect and authenticate to Duo’s cloud service.
We’ve determined that a number of Duo applications may be impacted by the SHA-2 transition, if used in conjunction with older systems and libraries. If you use any of the following applications, you should ensure that these requirements are met:
|RDP for Windows Server 2003 (GINA module)||MS13-095 update |
|RDP for Windows XP (GINA module)||Service Pack 3 (SP3)|
|Duo OpenVPN Access Server (AS)||OpenVPN AS 1.8.3 |
|Duo OpenVPN||OpenSSL 0.9.8o |
|Duo Unix||OpenSSL 0.9.8o |
|Duo API Client for Python (duo_client_python)||OpenSSL 0.9.8o |
|Duo API Client for Perl (duo_api_perl)||OpenSSL 0.9.8o |
|Duo Authentication Proxy (Linux only)||OpenSSL 0.9.8|
|Duo WordPress||OpenSSL 0.9.8|
|Duo API client for NodeJS (duo_api_nodejs)||OpenSSL 0.9.8|
|Duo API client for Ruby (duo_api_ruby)||OpenSSL 0.9.8|
 MS13-095: https://technet.microsoft.com/en-us/library/security/ms13-095.aspx
 We have confirmed that this version supports SHA-2. Earlier versions may also work.
 Many Linux distributions backported SHA-2 OpenSSL support to earlier versions (eg. RHEL 5).
If any of your systems do not meet the listed requirements, then the switch to SHA-2 SSL certificates will mean that these applications will no longer be able to communicate with Duo's service. Where supported and configured, this will trigger the application’s "fail-open" behavior.
The following table lists potentially-affected end user operating systems and their minimum requirements for supporting SHA-2 certificates.
If users in your organization are using an affected platform and do not meet the minimum requirements, then the switch to SHA-2 SSL certificates will mean that the user’s web browser will not be able to communicate with Duo’s service. This can affect both end user authentication as well as admin access to the Duo administrative interface.
|End User OS||Minimum Requirements|
|Windows Server 2003||MS13-095 update |
|Windows XP||Service Pack 3 (SP3)|
|Mac OS X||OS X 10.5 (Leopard)|
|BlackBerry||BB OS 5.0|
Ensure that all deployments of applications listed in the table above meet the minimum listed requirements by applying the relevant service packs or updates.
Ensure that end users on affected operating systems meet the minimum requirements listed above by applying the relevant service packs, security updates, or operating system upgrades.
The switch to the SHA-2 certifications for Duo’s cloud service will occur on January 5th, 2015. Please ensure that your applications and end users meet the minimum requirements for SHA-2 by that date.
From Google's blog post on their migration to SHA-2:
The SHA-1 cryptographic hash algorithm has been known to be considerably weaker than it was designed to be since at least 2005 — 9 years ago. Collision attacks against SHA-1 are too affordable for us to consider it safe for the public web PKI. We can only expect that attacks will get cheaper.
SHA-1's use on the Internet has been deprecated since 2011, when the CA/Browser Forum, an industry group of leading web browsers and certificate authorities (CAs) working together to establish basic security requirements for SSL certificates, published their Baseline Requirements for SSL. These Requirements recommended that all CAs transition away from SHA-1 as soon as possible, and followed similar events in other industries and sectors, such as NIST deprecating SHA-1 for government use in 2010.