CSR
Resolution: Approved
P2
None
behavioral
low
System or security property
JDK
Summary
Disable SHA-1 in TLS/DTLS 1.2 handshake signatures
Problem
RFC 9155 deprecates the use of SHA-1 in TLS & DTLS 1.2 digital signatures. This does not affect SHA-1 in TLS server certificates.
Solution
Add "rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature" to the jdk.tls.disabledAlgorithms security property in the java.security config file. This will prevent a TLS client from sending the rsa_pkcs1_sha1, ecdsa_sha1 and dsa_sha1 signature schemes in the ClientHello's signature_algorithms extension. It will also prevent a TLS server from sending these signature schemes in the CertificateRequest message. If the TLS client and server can't agree on a mutually supported handshake signature scheme, an SSLHandshakeException with the error message "No supported signature algorithm" will be thrown.
Specification
The definition of the jdk.tls.disabledAlgorithms security property in the java.security file will be appended with the string "rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature".
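The following is an added example, not code from the JDK or from this CSR: a small audit that parses a jdk.tls.disabledAlgorithms value and reports whether each of the three SHA-1 schemes is disabled for handshake signatures. The class name, the sample property string, and the simplified parsing (comma-separated entries, whitespace-separated tokens, case-insensitive matching) are assumptions made for illustration.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;

// Added example (hypothetical class, not JDK code): audit a
// jdk.tls.disabledAlgorithms value for the schemes named in this CSR.
public class Sha1HandshakeSigAudit {
    static final List<String> SCHEMES =
            List.of("rsa_pkcs1_sha1", "ecdsa_sha1", "dsa_sha1");

    // Returns scheme -> true when an entry disables it for handshake signatures,
    // either outright ("ecdsa_sha1") or scoped ("ecdsa_sha1 usage HandshakeSignature").
    static Map<String, Boolean> audit(String propertyValue) {
        Map<String, Boolean> result = new LinkedHashMap<>();
        SCHEMES.forEach(s -> result.put(s, false));
        if (propertyValue == null) return result;
        for (String entry : propertyValue.split(",")) {
            String[] tok = entry.trim().split("\\s+");
            String name = tok[0].toLowerCase(Locale.ROOT);
            if (!result.containsKey(name)) continue;   // not one of the three schemes
            if (tok.length == 1) {
                result.put(name, true);                // no constraint: disabled everywhere
            } else if (tok[1].equalsIgnoreCase("usage")) {
                // A usage constraint only counts if it names HandshakeSignature.
                boolean covers = Arrays.stream(tok, 2, tok.length)
                        .anyMatch(u -> u.equalsIgnoreCase("HandshakeSignature"));
                if (covers) result.put(name, true);
            }
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed sample: two pre-existing style entries plus the appended string.
        String sample = "SSLv3, TLSv1, rsa_pkcs1_sha1 usage HandshakeSignature, "
                + "ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature";
        System.out.println("sample : " + audit(sample));
        // Effective value in the running JVM (java.security plus any overrides).
        System.out.println("runtime: "
                + audit(Security.getProperty("jdk.tls.disabledAlgorithms")));
    }
}
```

A `false` in the runtime line means the corresponding scheme can still be offered in signature_algorithms or CertificateRequest by that JVM.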
csr of: JDK-8340321 Disable SHA-1 in TLS/DTLS 1.2 handshake signatures (Resolved)