50% of SSL Signed with SHA-2 Cryptography – Heartbleed Effect

The Heartbleed bug taught us many lessons and alerted the world to algorithm and security concerns. Recovering from the bug requires revoking and reissuing the affected certificates. The good news is that many organizations have reissued their certificates with the newer SHA-2 hash algorithm instead of SHA-1. Many of you may not be aware of the use of SHA-2 in SSL certificates.

SHA-2 is a set of cryptographic hash functions that includes six hash functions: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256. NIST (National Institute of Standards and Technology) designed SHA-2 in 2001.

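| Algorithm | Variant | Output size (bits) | Internal state size (bits) | Block size (bits) | Max message size (bits) | Word size (bits) | Rounds |
|---|---|---|---|---|---|---|---|
| SHA-1 | | 160 | 160 | 512 | 2^64 – 1 | 32 | 80 |
| SHA-2 | SHA-224 | 224 | 256 | 512 | 2^64 – 1 | 32 | 64 |
| SHA-2 | SHA-256 | 256 | 256 | 512 | 2^64 – 1 | 32 | 64 |
| SHA-2 | SHA-384 | 384 | 512 | 1024 | 2^128 – 1 | 64 | 80 |
| SHA-2 | SHA-512 | 512 | 512 | 1024 | 2^128 – 1 | 64 | 80 |
| SHA-2 | SHA-512/224 | 224 | 512 | 1024 | 2^128 – 1 | 64 | 80 |
| SHA-2 | SHA-512/256 | 256 | 512 | 1024 | 2^128 – 1 | 64 | 80 |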

SHA-2 is a more powerful algorithm than SHA-1. It is believed that after the Heartbleed bug, 50% of certificates were implemented with the SHA-2 algorithm instead of SHA-1.

Microsoft also published a security advisory named “Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program”. Accordingly, Windows is going to cease the use of SHA-1 certificates on January 1, 2017. All certificates signed with the SHA-1 algorithm must be replaced with SHA-2 (SHA-256) certificates before January 1, 2017. Even Windows XP, which is no longer supported by Microsoft, is able to accept certificates signed with SHA-256, SHA-384, and SHA-512.


Certificate authorities must start the migration to SHA-2 as soon as possible to keep long-term certificates valid. NIST (National Institute of Standards and Technology) has also published a note that will not allow the use of the SHA-1 algorithm after December 2013.

The bad news is that 92% of SSL certificates were signed with SHA-1 instead of SHA-2. However, the Heartbleed bug has changed the whole scenario and compelled website administrators to use the SHA-2 algorithm in place of SHA-1.

Almost 7% of new certificates have been using SHA-2. Nearly 200000 valid third-party certificates have adopted the SHA-2 algorithm.

To make this change easy for you, Symantec has published a short FAQ on its website.


ClickSSL also wants to make its customers more secure by providing enhanced cryptographic standards with all SSL certificates, including Code Signing certificates. Therefore, we are offering SHA-2 SSL certificates to secure websites, intranets/extranets, mail servers and applications. It is advisable to migrate any SHA-1 SSL certificates that expire after January 1, 2017 and SHA-1 code signing certificates that expire after January 1, 2016.
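The following is an added example, not code from the original article or from ClickSSL: a small audit helper that applies the two cut-off dates above to the text printed by `openssl x509 -noout -text -in cert.pem`. The function and variable names are hypothetical, and the sample dumps are constructed rather than taken from real certificates.

```python
import re
from datetime import datetime

# Cut-off dates taken from the article.
SSL_CUTOFF = datetime(2017, 1, 1)
CODE_SIGNING_CUTOFF = datetime(2016, 1, 1)

SIG_RE = re.compile(r"^\s*Signature Algorithm:\s*(\S+)", re.M)
NOT_AFTER_RE = re.compile(r"^\s*Not After\s*:\s*(.+)$", re.M)
SHA2_NAMES = ("sha224", "sha256", "sha384", "sha512")

def classify(dump, code_signing=False):
    """Return (algorithm, not_after, verdict) for one `openssl x509 -text` dump."""
    sig, exp = SIG_RE.search(dump), NOT_AFTER_RE.search(dump)
    if not sig or not exp:
        raise ValueError("no signature algorithm or expiry found")
    algo = sig.group(1)
    # OpenSSL pads single-digit days ("Apr  9"); collapse the whitespace first.
    stamp = " ".join(exp.group(1).split())
    not_after = datetime.strptime(stamp, "%b %d %H:%M:%S %Y GMT")
    cutoff = CODE_SIGNING_CUTOFF if code_signing else SSL_CUTOFF
    name = algo.lower()
    if "sha1" in name:
        verdict = "migrate" if not_after > cutoff else "expires-before-cutoff"
    elif any(n in name for n in SHA2_NAMES):
        verdict = "ok"
    else:
        verdict = "review"  # e.g. MD5, or RSASSA-PSS where the hash is listed separately
    return algo, not_after, verdict

def make_dump(algo, not_after):
    """Build a constructed excerpt shaped like `openssl x509 -text` output."""
    return (
        "Certificate:\n    Data:\n"
        f"        Signature Algorithm: {algo}\n"
        "        Validity\n"
        "            Not Before: Apr 10 00:00:00 2014 GMT\n"
        f"            Not After : {not_after}\n"
        "        Subject: CN=www.example.test\n"
    )

# Constructed sample dumps (not real certificates).
SAMPLES = {
    "sha1-long": make_dump("sha1WithRSAEncryption", "Apr  9 23:59:59 2017 GMT"),
    "sha1-short": make_dump("sha1WithRSAEncryption", "Jun 30 23:59:59 2016 GMT"),
    "sha256": make_dump("sha256WithRSAEncryption", "Apr  9 23:59:59 2017 GMT"),
}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        print(label, classify(text)[2], classify(text, code_signing=True)[2])
```

The same SHA-1 certificate expiring in June 2016 passes the SSL cut-off but is flagged when treated as a code signing certificate, because the two deadlines differ by a year.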


The increased strength of the algorithm reminds us of Moore’s law, which states that over time computer speed doubles almost every 18 months. It means that even if breaking an algorithm would take a billion years with current computer technology, computer technology changes every 18 months, so you need strong cryptography to protect against such powerful threats.

