In most modes, TLS 1.2 uses a signature in the ServerKeyExchange message to prove ownership of the private key. (Note this is NOT related to SHA-1 certificates.) There is an extension, signature_algorithms, to negotiate which signature algorithms are acceptable. To reduce dependencies on SHA-1 and prepare for TLS 1.3's new ECDSA handling, we intend to remove ECDSA with SHA-1 and ECDSA with SHA-512, leaving only SHA-256 and SHA-384 for ECDSA.


Specification link

Specification currently under development in a Working Group

Status in Chromium


Removed (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • No signal
  • No signal
  • No signals


Search tags

tls, ecdsa,

Last updated on 2021-05-06