[ https://issues.apache.org/jira/browse/CXF-5013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13656922#comment-13656922 ]

Colm O hEigeartaigh commented on CXF-5013:
------------------------------------------


I'll apply the patch. However, the solution is really for the WS-SecurityPolicy 
specification to be updated to support SHA-256. You also have the option to 
create your own AlgorithmSuite implementation.

Colm.
                
> Need support for SHA256 Signature Algorithms
> --------------------------------------------
>
>                 Key: CXF-5013
>                 URL: https://issues.apache.org/jira/browse/CXF-5013
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.6.2
>         Environment: All supported platforms
>            Reporter: Syed Abdul Wadood
>             Fix For: 2.6.7
>
>         Attachments: sha256_sigalg.patch, Sha2SignatureAlgorithmTest.java
>
>   Original Estimate: 96h
>  Remaining Estimate: 96h
>
> Due to the weakness of the SHA1 algorithm, the US National Institute of Standards and 
> Technology (NIST) has recommended that SHA256 or higher algorithms be used. 
> Using SHA256 is also required by the Federal Information Processing Standard 
> (FIPS).
> Currently, there is no way to specify SHA256 Signature algorithms when 
> signing a message part using Web services security.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
