Skip to Main Content
Forums

Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Can you disable SHA1 with jdk.certpath.disabledAlgorithms?

1805461Jul 7 2016 — edited Jul 8 2016

If I add "SHA256" to jdk.certpath.disabledAlgorithms in java.security, I can no longer create SSL connections to a server with a certificate with a signature algorithm of "SHA256withRSA".


However, if I add "SHA1" to  jdk.certpath.disabledAlgorithms, I can still create SSL connections to a server with a certificate with a signature algorithm of "SHA1withRSA".

I have also tried adding "SHA-1" and "SHA1withRSA", with no luck.


Does anyone know why SHA256 can be disabled in this way, but not SHA1?

This is not just idle curiosity - I am trying to understand what other things might bear on disabling cert algorithms.

(This is jre1.8.0_66.)


Thanks in advance.

Kevin
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Aug 5 2016
Added on Jul 7 2016
#java-secure-socket-extension-jsse
1 comment
3,416 views