Algorithm aliases of SHA-1 in DisabledAlgorithmConstraints

Bernd Eckenfels ecki at
Mon Mar 12 19:07:41 UTC 2018

I always thought the logic is ‚case insensitive substring of canonical name‘, so it also works with things like ‚DHE‘ in ciphers. In that case ‚SHA‘ would match SHA-1 as well as SHA-xxx.

From: security-dev <security-dev-bounces at> on behalf of Sean Mullan <sean.mullan at>
Sent: Monday, March 12, 2018 3:41:36 PM
To: Weijun Wang; security-dev at
Subject: Re: Algorithm aliases of SHA-1 in DisabledAlgorithmConstraints

On 3/12/18 4:39 AM, Weijun Wang wrote:
> I put "SHA-1" in a DisabledAlgorithmConstraints, it rejects SHA1 but allows sha1.

That sounds like a bug.

> The reason is that does not see "sha1".
> On the other hand, it rejects both "SHA-1" and "sha-1", because it's a direct case-insenstive match.
> Also, it allows both "SHA" and "sha" because there is no special code for it. Isn't "SHA" also an alias of "SHA-1"?
> Do you think all these names should be recognized? Shall we clarify it in the spec?

I would tend to think that we should only specify (or guarantee) that
standard names are checked and used in the disabled algorithm
properties. Aliases have never been a supported/standard feature, so I
think if we start to accommodate them, then we have to document that and
it increases the complexity of the code and chance that we might miss
one. For example, SHA is an alias for SHA-1 in the JDK Sun provider but
there is no corresponding alias for SHAwithRSA in the SunRsaSign
provider, so it is inconsistent already.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the security-dev mailing list