In most modes, TLS 1.2 uses a signature in the ServerKeyExchange message to prove ownership of the private key. (Note this is NOT related to SHA-1 certificates.) There is an extension, signature_algorithms, to negotiate which signature algorithms are acceptable. To reduce dependencies on SHA-1 and prepare for TLS 1.3's new ECDSA handling, we intend to remove ECDSA with SHA-1 and ECDSA with SHA-512, leaving only SHA-256 and SHA-384 for ECDSA.


Working draft or equivalent

Status in Chromium


Removed (tracking bug) in:

  • Chrome for desktop release 56
  • Chrome for Android release 56
  • Android WebView release 56

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • No signal
  • No signal
  • No signal
  • No signals


Search tags

tls, ecdsa,

Last updated on 2021-05-06