Type: Sub-task
Resolution: Delivered
Priority: P3
Affects Version/s: 7u491
Component/s: security-libs
JDK 7u implements TLS 1.2 in accordance with RFC 5246, which defines a single `signature_algorithms` extension that applies to both TLS handshake signatures and certificate signatures. Unlike later specifications, it does not distinguish between these two usages. As a result, signature algorithms cannot be selectively disabled for handshake messages while remaining enabled for certificate validation. This tight coupling prevents fine-grained deprecation of algorithms such as SHA-1 limited only to handshake signatures.
Users who wish to disable SHA-1 signature algorithms in TLS 1.2 may do so by adding `"SHA1withRSA, SHA1withECDSA, SHA1withDSA"` to the `jdk.tls.disabledAlgorithms` security property in the `java.security` config file.
However, users should be aware that this setting applies globally to TLS signature usage in JDK 7u, which will therefore reject all SHA-1 signed certificates, potentially impacting interoperability with legacy servers.
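A check for the setting described above, as an added example that is not part of the original release note: it parses the text of a `java.security` file, including backslash line continuations, and reports which of the three SHA-1 signature algorithm names are still missing from `jdk.tls.disabledAlgorithms`. The function names and the sample file content are constructed for illustration, and the case-insensitive name comparison is an assumption.

```python
import re

# The three names the release note says to add.
SHA1_SIG_ALGS = ("SHA1withRSA", "SHA1withECDSA", "SHA1withDSA")
PROP = "jdk.tls.disabledAlgorithms"


def logical_lines(text):
    """Join backslash-continued lines the way a .properties file is read."""
    buf = ""
    for raw in text.splitlines():
        line = raw.lstrip()
        if not buf and (not line or line[0] in "#!"):
            continue  # blank line or comment outside a continuation
        # An odd number of trailing backslashes means the line continues.
        trailing = len(line) - len(line.rstrip("\\"))
        if trailing % 2 == 1:
            buf += line[:-1]
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf


def disabled_entries(text, prop=PROP):
    """Return the comma-separated entries of `prop`; the last definition wins."""
    entries = []
    for line in logical_lines(text):
        m = re.match(r"([^=:\s]+)\s*[=:\s]\s*(.*)$", line)
        if m and m.group(1) == prop:
            entries = [e.strip() for e in m.group(2).split(",") if e.strip()]
    return entries


def missing_sha1_algs(text):
    """List the SHA-1 signature algorithms not present as bare entries."""
    # Assumption: names are compared case-insensitively.
    present = {e.lower() for e in disabled_entries(text)}
    return [a for a in SHA1_SIG_ALGS if a.lower() not in present]


# Constructed sample, not the value shipped with any JDK release.
SAMPLE = """\
# constructed java.security excerpt
jdk.tls.disabledAlgorithms=SSLv3, RC4, \\
    SHA1withRSA
"""
```

An empty result from `missing_sha1_algs` means all three names are listed; entries that carry extra constraints after the name are not counted as fully disabled.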