rfc-9155

Deprecating MD5 and SHA-1 Signature Hashes in TLS 1.2 and DTLS 1.2

L. Velvindron, K. Moriarty, A. Ghedini

date2021-12 streamIETF areasec wgtls statusPROPOSED STANDARD pages5 canonicalhttps://www.rfc-editor.org/rfc/rfc9155 doi10.17487/RFC9155

The MD5 and SHA-1 hashing algorithms are increasingly vulnerable to attack, and this document deprecates their use in TLS 1.2 and DTLS 1.2 digital signatures. However, this document does not deprecate SHA-1 with Hashed Message Authentication Code (HMAC), as used in record protection. This document updates RFC 5246.

updates

rfc-5246 — The Transport Layer Security (TLS) Protocol Version 1.2