Summary

After July 7th 2016, we can no longer support AccessSync or Equipment Manager on devices with SHA-1.

If your device cannot support SHA-2 it will continue to operate and software will still run in most cases. The limitation is when you need to connect to a certified, secure server. Most license servers are secure and this connection will be rejected by the server and fail.

Background

Microsoft® has announced a policy for Certificate Authorities (CAs) that deprecates the use of the SHA1 algorithm in SSL and code signing certificates, in favor of SHA2.

The policy affects CAs who are members of the Windows® Root Certificate Program that issue publicly trusted certificates. It allows CAs to continue to issue SSL and code signing certificates until 1 January 2016, and thereafter issue SHA2 certificates only.

"SHA-1" is a cryptographic hash function (CHF) used to digitally sign certificates for secure websites. Certificates are used to verify the authenticity of website and services. Without cryptographically secure hash functions, digital authentication would be impossible. SHA-1 has its problems though, and is not the most secure CHF imaginable; "SHA-2" is now the new recommended standard. If an organisation's website or web service (e.g., Microsoft Exchange, ArcGIS Server, etc.) updates its certificate to use SHA-2 hash encryption, devices attempting to connect to the service may not be able to connect to it. The move from SHA-1 to SHA-2 is a one-way operation in most server scenarios. For example, once an organisation moves Web server certificates from SHA-1 to SHA-2, clients that don't understand SHA-2 certificates may see warnings or errors - or may even fail (note the severity of the impact depends a lot on the software/server/service in use and how its specific implementation makes use of encrypted certificates. This problem occurs because older versions of Windows Embedded Handheld 6.5 and the Windows Mobile 6.5 OS do not support SHA-2. A device that supports the use of SHA-2 will still be able to connect to services that are still utilizing certificates with the deprecated SHA-1 standard.

More information:
https://www.entrust.com/series/sha-2-migration/
http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf
https://support.microsoft.com/en-us/kb/2986556

Updating your operating systems

WARNING:

These operating system updates will erase all data from the device. Make sure you backup your data to your PC before installing. Otherwise you may lose your data.

Note - The process of upgrading Trimble Access from one version to another converts the jobs (and other files like survey styles). If you copy the original Trimble Access data files off the controller and then upgrade the operating system, before installing the new version of Trimble Access please ensure you copy the original Trimble Access data files back onto the controller. If you follow these steps then the original Trimble Access files will be converted and made compatible with the new version of Trimble Access.

Adding SHA2 support to older, discontinued, or legacy products running earlier version of Windows Mobile is not feasible, as it would require a complex process of re-licensing of the device with a newer version of the Microsoft operating system, with an associated per-device license cost and license tracking.

Consequently, the following products will not be updated to support SHA-2:

TCU 1 and TCU2Discontinued and operating system does not support SHA-2
TCU 3Operating system does not support SHA-2
Nomad 900 series and earlierWindows Mobile 6.1 cannot be supported
Geo 5 seriesThere are no plans to update at this time
GeoExplorer 6000 series/ GeoXRDiscontinued, Windows Mobile 6.5 cannot be supported
TSC2 / Ranger X Discontinued, powered by Windows Mobile which cannot be supported
Juno S seriesDiscontinued, powered by Windows Mobile which cannot be supported
Trimble S3Operating system does not support SHA-2
Trimble M3Operating system does not support SHA-2

Other devices not listed may not be able to support SHA-2. Please contact Trimble support to verify and for details.
Trimble recommends upgrading legacy devices to a newer Trimble device that supports SHA2.

For more information contact your local Trimble representative.

 
 
Trimble