Why does the iOS app with TLS 1.3 offer SHA-1 as signature algorithm

I was investigating the Client Hello for my iOS app and saw that the TLS 1.3 handshake with Client Hello sends Signature Algorithm: rsa_pkcs1_sha1 (0x0201) Signature Hash Algorithm Hash: SHA1 (2) Signature Hash Algorithm Signature: RSA (1)

I thought SHA-1 is not being used anymore.

The Full list of offered signature_algorithms from the client

in the Extension: signature_algorithms (len=24) Type: signature_algorithms (13) Length: 24 Signature Hash Algorithms Length: 22 Signature Hash Algorithms (11 algorithms) Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403) Signature Hash Algorithm Hash: SHA256 (4) Signature Hash Algorithm Signature: ECDSA (3) Signature Algorithm: rsa_pss_rsae_sha256 (0x0804) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: SM2 (4) Signature Algorithm: rsa_pkcs1_sha256 (0x0401) Signature Hash Algorithm Hash: SHA256 (4) Signature Hash Algorithm Signature: RSA (1) Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503) Signature Hash Algorithm Hash: SHA384 (5) Signature Hash Algorithm Signature: ECDSA (3) Signature Algorithm: ecdsa_sha1 (0x0203) Signature Hash Algorithm Hash: SHA1 (2) Signature Hash Algorithm Signature: ECDSA (3) Signature Algorithm: rsa_pss_rsae_sha384 (0x0805) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: Unknown (5) Signature Algorithm: rsa_pss_rsae_sha384 (0x0805) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: Unknown (5) Signature Algorithm: rsa_pkcs1_sha384 (0x0501) Signature Hash Algorithm Hash: SHA384 (5) Signature Hash Algorithm Signature: RSA (1) Signature Algorithm: rsa_pss_rsae_sha512 (0x0806) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: Unknown (6) Signature Algorithm: rsa_pkcs1_sha512 (0x0601) Signature Hash Algorithm Hash: SHA512 (6) Signature Hash Algorithm Signature: RSA (1) Signature Algorithm: rsa_pkcs1_sha1 (0x0201) Signature Hash Algorithm Hash: SHA1 (2) Signature Hash Algorithm Signature: RSA (1)

Answered by tapework in 769638022

Hi !

I am using standard URLSession . no custom ATS settings. I can be reproduced with all fresh created apps in Xcode 15.

struct ContentView: View {
    @StateObject var client = NetworkClient()
    @State var text: String
    var body: some View {
        VStack {
            Image(systemName: "globe")
                .imageScale(.large)
                .foregroundStyle(.tint)
            Text(text)
        }.task {
            do {
                let res = try await client.request()
                self.text = res
            } catch {}
        }
        .padding()
    }
}

class NetworkClient: ObservableObject {
    func request() async throws -> String {
        let (data, _) = try await URLSession.shared.data(for: .init(url: .init(string: "https://www.apple.com")!))
        return String(data: data, encoding: .utf8) ?? "empty"
    }
}

What API are you using? Network framework? URLSession? Something else?

If it’s URLSession, have you changed the ATS settings?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Accepted Answer

Hi !

I am using standard URLSession . no custom ATS settings. I can be reproduced with all fresh created apps in Xcode 15.

struct ContentView: View {
    @StateObject var client = NetworkClient()
    @State var text: String
    var body: some View {
        VStack {
            Image(systemName: "globe")
                .imageScale(.large)
                .foregroundStyle(.tint)
            Text(text)
        }.task {
            do {
                let res = try await client.request()
                self.text = res
            } catch {}
        }
        .padding()
    }
}

class NetworkClient: ObservableObject {
    func request() async throws -> String {
        let (data, _) = try await URLSession.shared.data(for: .init(url: .init(string: "https://www.apple.com")!))
        return String(data: data, encoding: .utf8) ?? "empty"
    }
}

These TLS cypher suites use SHA-1 within HMAC, and SHA-1 is still generally considered secure in that case [1].

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] Quoting the Fount of All Knowledge™:

However, SHA-1 is still secure for HMAC.

thanks for the hint

Why does the iOS app with TLS 1.3 offer SHA-1 as signature algorithm
 
 
Q