It would be useful to also start warning users that SHA-1 and 1024-bit RSA/DSA certificates are a security risk *before* we actually start disabling them.
We add a new jdk.security.legacyAlgorithms security property to the java.security property file. keytool and jarsigner tools will be enhanced to enforce the new property and to print out informational warnings when the legacy algorithms are used. This enables users to plan transitioning away from them. This would also allow a user to edit these properties independently so that you could still get warnings from tools even if the runtime allowed the algorithm.