-
Enhancement
-
Resolution: Fixed
-
P2
-
None
-
b18
RFC 9155 [1] deprecates the use of SHA-1 in TLS & DTLS 1.2 digital signatures. This does not affect SHA-1 in TLS server certificates which has already been disabled.
Other TLS implementations have started deprecating their usage. Chrome 117 has removed support for signature algorithms using SHA-1 for server signatures during the TLS handshake [2]. OpenSSL changed their default security level to 2 in version 3.2.0, and this level disables SHA-1 TLS signatures.
[1] https://www.rfc-editor.org/rfc/rfc9155.html
[2] https://chromestatus.com/feature/4832850040324096
Other TLS implementations have started deprecating their usage. Chrome 117 has removed support for signature algorithms using SHA-1 for server signatures during the TLS handshake [2]. OpenSSL changed their default security level to 2 in version 3.2.0, and this level disables SHA-1 TLS signatures.
[1] https://www.rfc-editor.org/rfc/rfc9155.html
[2] https://chromestatus.com/feature/4832850040324096
- csr for
-
JDK-8353566 Disable SHA-1 in TLS/DTLS 1.2 handshake signatures
-
- Closed
-
- is blocked by
-
-
- Resolved
-
- relates to
-
-
- Open
-
- links to
-
Commit(master)
openjdk/jdk/dfa79c37
-
Review(master)
openjdk/jdk/24367