lhotari opened a new issue #8585: URL: https://github.com/apache/pulsar/issues/8585
** Problem ** In TLSv1.3, certificates using SHA-1 signature algorithm are considered legacy and it's not recommended that TLSv1.3 implementations accept certificates that use SHA-1 signature algorithms. [In RFC8446, section 4.4.2.4. Receiving a Certificate Message](https://tools.ietf.org/html/rfc8446#section-4.4.2.4) _SHA-1 is deprecated, and it is RECOMMENDED that any endpoint receiving any certificate which it would need to validate using any signature algorithm using a SHA-1 hash abort the handshake with a "bad_certificate" alert._ ** Solution ** Update all certificates (server and client) used in Pulsar tests to use SHA-256 signature algorithms so that it's possible to add TLSv1.3 support. **Additional context** #8580, #8581 [TLSv1.3 is available in Java 8 since 8u161 (since OpenJDK 8u272)](https://github.com/AdoptOpenJDK/openjdk-build/issues/1254#issuecomment-683337917). ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
