JDK-8353566 : Disable SHA-1 in TLS/DTLS 1.2 handshake signatures
  • Type: CSR
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Priority: P2
  • Status: Closed
  • Resolution: Approved
  • Fix Versions: 8-pool,11-pool,17-pool,21-pool,23-pool,24-pool,25
  • Submitted: 2025-04-02
  • Updated: 2025-04-07
  • Resolved: 2025-04-07
Description
Summary
-------
Disable SHA-1 in TLS/DTLS 1.2 handshake signatures

Problem
-------
RFC 9155 deprecates the use of SHA-1 in TLS & DTLS 1.2 digital signatures. This does not affect SHA-1 in TLS server certificates.

Solution
--------
Add "rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature" to the `jdk.tls.disabledAlgorithms` security property in the `java.security` config file. This will prevent the TLS client from sending the `rsa_pkcs1_sha1`, `ecdsa_sha1` and `dsa_sha1` signature schemes in the ClientHello's `signature_algorithms` extension. It will also prevent the TLS server from sending the above-mentioned signature schemes in the CertificateRequest message. If the TLS client and server can't agree on a mutually supported handshake signature scheme, an `SSLHandshakeException` with the error message "No supported signature algorithm" will be thrown.

Specification
-------------
The definition of the `jdk.tls.disabledAlgorithms` security property in the `java.security` file will be appended with "rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature" string.
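An added example (not part of the CSR or of the JDK sources) that checks a running JVM's effective `jdk.tls.disabledAlgorithms` value for the three constraints above and, when they are absent, applies the same change with `Security.setProperty`. It assumes it runs before any JSSE class has been initialised, because the property is read once on first use; editing `java.security` as the CSR specifies avoids that ordering concern.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Locale;
import java.util.Set;
import java.util.stream.Collectors;

/** Verifies, and optionally applies, the RFC 9155 handshake-signature constraints. */
public final class Sha1HandshakeSignatureCheck {
    private static final String PROPERTY = "jdk.tls.disabledAlgorithms";

    // The three constraints this CSR appends to java.security.
    static final String[] REQUIRED = {
        "rsa_pkcs1_sha1 usage HandshakeSignature",
        "ecdsa_sha1 usage HandshakeSignature",
        "dsa_sha1 usage HandshakeSignature"
    };

    /** Normalise one constraint entry: trim, collapse whitespace, ignore case. */
    private static String normalise(String entry) {
        return entry.trim().replaceAll("\\s+", " ").toLowerCase(Locale.ROOT);
    }

    /** Returns the entries of REQUIRED that are not present in the given property value. */
    public static Set<String> missingConstraints(String propertyValue) {
        String value = propertyValue == null ? "" : propertyValue;
        Set<String> present = Arrays.stream(value.split(","))
                .map(Sha1HandshakeSignatureCheck::normalise)
                .collect(Collectors.toSet());
        Set<String> missing = new LinkedHashSet<>();
        for (String required : REQUIRED) {
            if (!present.contains(normalise(required))) {
                missing.add(required);
            }
        }
        return missing;
    }

    public static void main(String[] args) {
        String current = Security.getProperty(PROPERTY);
        Set<String> missing = missingConstraints(current);
        if (missing.isEmpty()) {
            System.out.println("SHA-1 handshake signatures already disabled: " + current);
            return;
        }
        System.out.println("Missing constraints: " + missing);
        // Runtime equivalent of the java.security edit. Assumption: no JSSE class has
        // been initialised yet, otherwise the old value has already been cached.
        String prefix = (current == null || current.isBlank()) ? "" : current + ", ";
        Security.setProperty(PROPERTY, prefix + String.join(", ", missing));
        System.out.println("Applied: " + Security.getProperty(PROPERTY));
    }
}
```

After the constraints are in effect, a peer that can only sign its handshake with SHA-1 will fail with the "No supported signature algorithm" `SSLHandshakeException` described above, so check peers for a SHA-256-capable signature scheme before rolling this out.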
Comments
Moving to Approved.
07-04-2025