Mozilla decided to lift the SHA-1 ban, at least temporarily, in Firefox 43.0.4, released Wednesday.
"The latest version of Firefox re-enables support for SHA-1 certificates to ensure that we can get updates to users behind man-in-the-middle devices, and enable us to better evaluate how many users might be affected," the company said in a blog post. "Vendors of TLS man-in-the-middle systems should be working to update their products to use newer digest algorithms."
Google also plans to ban SHA-1 certificates issued after Jan. 1, starting with the next stable version of Google Chrome -- version 48. However, the company said in blog post in December that it will only ban certificates that meet three criteria: are signed with SHA-1, are issued on or after Jan. 1 and chain back to a public CA.
"Note that sites using new SHA-1 certificates that chain to local trust anchors (rather than public CAs) will continue to work without a certificate error," the company said.
Since self-generated root CA certificates like those used by man-in-the-middle HTTPS inspection systems are not "public" CAs, their users should not be affected. This might be a solution for Mozilla too when it decide to reinstate the ban.
Sign up for Computerworld eNewsletters.