Daniel is correct in the SHA-2 thing....
But it won't be taken as a Spar, that was tried and already declined, it needs to be done as a FER(Feature Enhancement Request)
Since my post Monday some things have been confirmed, the printer (Almost all the Fuji-Xerox machines) don't support SHA-2. They never did, so a spar (It's broken, we gotta fix it) won't be considered, it has to be a FER (It can't do it, but we would like it to).
Timeline for a fix is unknown, and is not guaranteed, but as we get more and more FER requests submitted the more visibility this will get and drive it to a higher priority.
Microsoft is going to switch, Chrome as well, GoDaddy too, Office365 soon.
A few timelines
- Microsoft’s SHA-1 deprecation plan differs in the activation time and browser behavior. Microsoft’s security advisory on “Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program” informed us that Windows will cease accepting SHA-1 SSL certificates on January 1, 2017. To continue to work with Microsoft platforms, all SHA-1 SSL certificates issued before or after this announcement must be replaced with a SHA-2 equivalent by January 1, 2017.
- Chrome version 39 and later will display visual security indicators on sites with SHA-1 SSL certificates with validity beyond January 1, 2016. The production release of Chrome 39 is expected to be in November, 2014. The sites will be treated with one of the following indicators: “secure, but with minor errors” (lock with yellow triangle), “neutral, lacking security” (blank page icon) and “affirmative insecure” (lock with a red X). In order to prevent online users on Chrome version 39 and later from experiencing these indicators, SHA-1 SSL certificates expiring after December 31, 2015 must be replaced with SHA-256 (SHA-2) certificates.
https://konklone.com/post/why-google-is-hurrying-the-web-to-kill-sha-1
https://community.qualys.com/blogs/securitylabs/2014/09/09/sha1-deprecation-what-you-need-to-know
Fuji-Xerox has made an official pdf for their products, but Xerox typically changes the device names for release in other markets.
I can confirm the issue exists on the 53xx, 7120, 560 families.
It likely exists on the C75,J75, C60/C70.
Long update made short:
If you are getting this, call Xerox, get to 2nd level state you heard about the SHA-2 issue, and would like to get a FER started because you need that ability on your device and are receiving the error.
Long hold time to be expected for the foreseeable future, the poor guys* and girls who have to support these machines will be getting hammered with calls, but they know that it won't be fixed without those calls, , best bet is you just call, wait in line and get it reported for your site.
*I am one of them.