JDK-8340321

Disable SHA-1 in TLS/DTLS 1.2 handshake signatures


        RFC 9155 [1] deprecates the use of SHA-1 in TLS and DTLS 1.2 digital signatures. This does not affect SHA-1 in TLS server certificates, which has already been disabled.

        Other TLS implementations have started deprecating this usage. Chrome 117 has removed support for signature algorithms using SHA-1 for server signatures during the TLS handshake [2]. OpenSSL changed its default security level to 2 in version 3.2.0, and this level disables SHA-1 TLS signatures.

        [1] https://www.rfc-editor.org/rfc/rfc9155.html
        [2] https://chromestatus.com/feature/4832850040324096
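
An added example, not part of the issue or of the JDK's own code: this Python script decodes the body of a TLS `signature_algorithms` extension and lists any SHA-1 signature schemes a peer still advertises, which helps inventory endpoints before SHA-1 handshake signatures are turned off. The function names and the two sample extension bodies are constructed for illustration.

```python
import struct

# SHA-1 code points from the TLS SignatureScheme registry (RFC 8446, section 4.2.3).
SHA1_SCHEMES = {
    0x0201: "rsa_pkcs1_sha1",
    0x0202: "dsa_sha1",
    0x0203: "ecdsa_sha1",
}


def parse_signature_algorithms(ext_data: bytes) -> list[int]:
    """Decode a signature_algorithms extension body into 16-bit code points.

    Layout: uint16 list length, then one uint16 per offered scheme.
    """
    if len(ext_data) < 2:
        raise ValueError("extension body shorter than its length prefix")
    (list_len,) = struct.unpack_from("!H", ext_data, 0)
    body = ext_data[2:]
    if list_len != len(body):
        raise ValueError("length prefix does not match extension body")
    if list_len == 0 or list_len % 2:
        raise ValueError("scheme list must be a non-empty run of 2-byte entries")
    return [code for (code,) in struct.iter_unpack("!H", body)]


def sha1_schemes_offered(ext_data: bytes) -> list[str]:
    """Return the names of SHA-1 schemes the peer offers, in offer order."""
    codes = parse_signature_algorithms(ext_data)
    return [SHA1_SCHEMES[code] for code in codes if code in SHA1_SCHEMES]


# Constructed samples (not captured traffic).
# Legacy peer: ecdsa_secp256r1_sha256, rsa_pss_rsae_sha256, rsa_pkcs1_sha256,
# then ecdsa_sha1 and rsa_pkcs1_sha1 as fallbacks.
LEGACY_OFFER = bytes.fromhex("000a" "0403" "0804" "0401" "0203" "0201")
# Modern peer: the same list without the SHA-1 entries.
MODERN_OFFER = bytes.fromhex("0006" "0403" "0804" "0401")

if __name__ == "__main__":
    for label, offer in (("legacy", LEGACY_OFFER), ("modern", MODERN_OFFER)):
        found = sha1_schemes_offered(offer)
        print(label, "->", found or "no SHA-1 handshake signature schemes")
```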

              abarashev Artur Barashev
              mullan Sean Mullan