What is your use for SHA-1? Are you using it in your own code, like `MessageDigest.getInstance("SHA-1")` or do you have signed JARs? Or maybe certificates that use SHA-1? (though I don't think those have been a thing for quite some time)
java.security.MessageDigest for Java 8 is supposed to support MD5, SHA-1, and SHA-256 (see https://docs.oracle.com/javase/8/docs/api/java/security/MessageDigest.html).

I see references that SHA-1 has been disabled for signed JARs (ex., https://bugs-stage.openjdk.java.net/browse/JDK-8270610 and more https://adoptium.net/release_notes.html). However I do not see that SHA-1 has been dropped from MessageDigest.

Asking for a friend...

On Wed, Feb 16, 2022 at 4:03 PM Noelette Stout <noelettest...@isu.edu> wrote:

> Based on those errors, it sounds like SHA-1 has been desupported in the
> newer OpenJDK version.
>
> On Wed, Feb 16, 2022 at 1:55 PM Robert Hicks <robert.hi...@gmail.com>
> wrote:
>
> > We are currently running Tomcat 9.0.40 and OpenJDK (Red Hat) 1.8.0_292 and
> > have no issues.
> >
> > We upgrade to the ones in the subject line and Tomcat throws "SHA1PRNG
> > SecureRandom not available" and "SHA MessageDigest not available" and
> > "SHA-1 not available" and others.
> >
> > We downgrade to .40 and _292 and all is well again.
> >
> > Was there a change that could possibly cause that?
> >
> > Has anyone else seen this behavior?
> >
> > We are currently troubleshooting to see if we missed something on our end
> > and can supply logs when that happens.
> >
> > Thanks!
> >
> > --
> > Bob
> >
>
> --
> Noelette Stout
> ITS Enterprise Applications - Senior Application Administrator
> Idaho State University
> E-mail: stounoel "at" isu "dot" edu
> Desk: 208-282-2554

--
"Hell hath no limits, nor is circumscrib'd In one self-place; but where we are is hell, And where hell is, there must we ever be" --Christopher Marlowe, *Doctor Faustus* (v. 111-13)
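A diagnostic for the three errors quoted in the thread, added here as an example and not posted by any participant: it asks the JCA for each algorithm name from the Tomcat messages, reports which provider answers, and prints the `disabledAlgorithms` policy properties, which govern signed JARs, certificate paths and TLS rather than `MessageDigest.getInstance`. The class name `JcaProbe` is hypothetical, and the assumption is that it is compiled and run with the same JDK installation that launches Tomcat.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;

public class JcaProbe {
    public static void main(String[] args) {
        // Confirm which runtime is actually being exercised.
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("java.home    = " + System.getProperty("java.home"));

        // Registered providers in preference order. In OpenJDK the SUN provider
        // supplies SHA-1 and SHA1PRNG; if it is absent from this list, the
        // lookups below fail no matter what the algorithm policy says.
        for (Provider p : Security.getProviders()) {
            System.out.println("provider: " + p.getName() + " - " + p.getInfo());
        }

        // Digest names from the error messages, with SHA-256 as a control.
        for (String alg : new String[] {"SHA", "SHA-1", "SHA-256"}) {
            try {
                MessageDigest md = MessageDigest.getInstance(alg);
                System.out.println("MessageDigest " + alg + ": OK via "
                        + md.getProvider().getName());
            } catch (NoSuchAlgorithmException e) {
                System.out.println("MessageDigest " + alg + ": NOT AVAILABLE ("
                        + e.getMessage() + ")");
            }
        }

        // The SecureRandom algorithm named in the first error.
        try {
            SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
            System.out.println("SecureRandom SHA1PRNG: OK via "
                    + sr.getProvider().getName());
        } catch (NoSuchAlgorithmException e) {
            System.out.println("SecureRandom SHA1PRNG: NOT AVAILABLE ("
                    + e.getMessage() + ")");
        }

        // Policy properties for comparison; a SHA-1 entry here restricts
        // signature and protocol validation, not the getInstance calls above.
        for (String prop : new String[] {"jdk.jar.disabledAlgorithms",
                "jdk.certpath.disabledAlgorithms", "jdk.tls.disabledAlgorithms"}) {
            System.out.println(prop + " = " + Security.getProperty(prop));
        }
    }
}
```

If SHA-256 resolves while SHA-1 and SHA1PRNG do not, compare the provider list against the working `_292` installation before attributing the failure to an algorithm policy change.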