
I have two Windows 2008 R2 domain controllers configured with TLS 1.2. Both certificates are SHA1-RSA. I captured network traffic between the two DCs while running LDAPS (LDP.EXE). It seems TLS 1.2 was agreed, but the cipher suite used was TLSCipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA256 { 0x00, 0x3C }

So by looking at it, is it going to use the SHA1 certificate to sign a SHA256 hash? Will that work? Why didn't it pick a SHA1 cipher?

Krishna Pandey

1 Answer


That's fine. It used SHA256 because that's stronger than SHA1. The signature in the cert is only used during validation of the cert and doesn't have any direct effect on the chosen cipher.

That said, SHA1 is being phased out as this Google Chrome blog post explains.

Neil Smithline
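As an added illustration (not part of the question or the answer): the suite's hash and the certificate's hash live in two different places, so a capture check reads them separately. The ServerHello bytes and the certificate-shaped DER below are constructed for this example, not captured from the DCs; the parsers are minimal and only handle what the example needs.

```python
import struct

# Constructed sample ServerHello (not a real capture): TLS 1.2, suite 0x003C.
SERVER_HELLO = bytes.fromhex(
    "16" "0303" "002a" "02" "000026"     # record + handshake headers
    "0303" + "11" * 32 + "00"            # version, random, empty session id
    "003c" "00")                         # cipher suite, null compression
# Constructed cert-shaped DER (not a real certificate): stub tbsCertificate,
# AlgorithmIdentifier sha1WithRSAEncryption, empty signature BIT STRING.
SHA1_CERT_STUB = bytes.fromhex(
    "3018" "3003020101" "300d06092a864886f70d010105" "0500" "03020000")
IANA_SUITES = {0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
               0x003C: "TLS_RSA_WITH_AES_128_CBC_SHA256"}
SIG_OIDS = {"1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
            "1.2.840.113549.1.1.11": "sha256WithRSAEncryption"}

def parse_server_hello(record):
    """Return (protocol_version, cipher_suite_id) from a ServerHello record."""
    ctype, _, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 22 or record[5] != 2:
        raise ValueError("not a ServerHello handshake record")
    hs = record[9:5 + rec_len]            # skip record + handshake headers
    sid_len = hs[34]                      # after 2-byte version, 32-byte random
    return (struct.unpack("!H", hs[:2])[0],
            struct.unpack("!H", hs[35 + sid_len:37 + sid_len])[0])

def suite_components(name):
    """Split an IANA suite name: key exchange, bulk cipher, MAC/PRF hash."""
    kx, rest = name[4:].split("_WITH_")
    cipher, _, mac = rest.rpartition("_")
    return kx, cipher, mac                # SHA256 here is HMAC/PRF, not the cert

def read_tlv(buf, off):
    """Return (tag, content_start, content_end) of the DER element at off."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                     # long-form length
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    return tag, off, off + length

def decode_oid(content):
    arcs, value = [content[0] // 40, content[0] % 40], 0
    for b in content[1:]:                 # base-128 arcs, high bit = continue
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value); value = 0
    return ".".join(map(str, arcs))

def cert_signature_algorithm(cert_der):
    """Read the outer signatureAlgorithm OID of an X.509 certificate."""
    _, start, _ = read_tlv(cert_der, 0)                 # Certificate SEQUENCE
    _, _, tbs_end = read_tlv(cert_der, start)           # skip tbsCertificate
    _, alg_start, _ = read_tlv(cert_der, tbs_end)       # AlgorithmIdentifier
    tag, o_start, o_end = read_tlv(cert_der, alg_start)
    if tag != 0x06:
        raise ValueError("expected an OID")
    return decode_oid(cert_der[o_start:o_end])
```

Run against the constructed input, the suite decodes to RSA key exchange, AES_128_CBC and a SHA256 MAC/PRF, while the certificate's signatureAlgorithm decodes to 1.2.840.113549.1.1.5 (sha1WithRSAEncryption); the two values come from different messages and neither constrains the other.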