search cancel

sha1 blocking the session application , how to enable SHA-256 ?

book

Article ID: 255669

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

How to disable SHA1 and enable sha256 in the policy. We have an specific application configured with CA API Gateway 9.4. , before it is working with SHA1,
due to patches now the application is not accepting the SHA1. Can you please check and let us know.

Note: Same patch is going to apply on Prod tomorrow, that will effect to multiple clients.

 

Environment

Release : 9.4

Resolution

Please Add the following Cluster Wide Property from Policy Manager connected to your gateway version (same version both)

wss.decorator.digsig.messagedigest = SHA-256

once you setup the CWP, You will be able to see the new encryption used into the Signature Method.

Before to Add the CWP

<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha1"/>

After to Add the CWP

<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>