diff --git a/src/libraries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.OpenSsl.cs b/src/libraries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.OpenSsl.cs
index 497aa359a67075..9d963c4015aa5f 100644
--- a/src/libraries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.OpenSsl.cs
+++ b/src/libraries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.OpenSsl.cs
@@ -163,7 +163,7 @@ internal static SafeSslContextHandle GetOrCreateSslContextHandle(SslAuthenticati
 if (sslAuthenticationOptions.IsClient)
 {
- var key = new SslContextCacheKey(protocols, sslAuthenticationOptions.CertificateContext?.TargetCertificate.GetCertHash(HashAlgorithmName.SHA256));
+ var key = new SslContextCacheKey(protocols, sslAuthenticationOptions.CertificateContext?.TargetCertificate.GetCertHash(HashAlgorithmName.SHA512));
 return s_clientSslContexts.GetOrCreate(key, static (args) =>
 {
 var (sslAuthOptions, protocols, allowCached) = args;
diff --git a/src/libraries/System.Net.Quic/src/System/Net/Quic/Internal/MsQuicConfiguration.Cache.cs b/src/libraries/System.Net.Quic/src/System/Net/Quic/Internal/MsQuicConfiguration.Cache.cs
index 4db0f88bf71a48..7ae1a571a0f778 100644
--- a/src/libraries/System.Net.Quic/src/System/Net/Quic/Internal/MsQuicConfiguration.Cache.cs
+++ b/src/libraries/System.Net.Quic/src/System/Net/Quic/Internal/MsQuicConfiguration.Cache.cs
@@ -5,6 +5,7 @@
 using System.Collections.Generic;
 using System.Collections.Concurrent;
 using System.Collections.ObjectModel;
+using System.Security.Cryptography;
 using System.Security.Authentication;
 using System.Net.Security;
 using System.Security.Cryptography.X509Certificates;
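Review bot: The reason the client context cache key in GetOrCreateSslContextHandle (Interop.OpenSsl.cs, hunk at -163) hashes the certificate with SHA-512 is not recorded, and the algorithm is now written as a literal on five changed lines across three files: here, the two in MsQuicConfiguration.Cache.cs, and AcquireClientCredentials/AcquireServerCredentials in SslStream.Protocol.cs. The hash is the only certificate-derived part of the key visible on this line, so a collision would return a context that was built for a different certificate; that is worth stating next to the key, e.g. `// Cache key: the certificate hash must be collision-resistant, so the SHA-1 default of GetCertHash() is not used.` This line already used SHA-256, so the change here reads as alignment with the other call sites rather than hardening, and a comment saying so would keep a later reader from reverting it. The function body continues outside the hunk.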
@@ -53,13 +54,13 @@ private sealed class MsQuicConfigurationCache : SafeHandleCache? intermediates, List alpnProtocols, QUIC_ALLOWED_CIPHER_SUITE_FLAGS allowedCipherSuites)
 {
- CertificateThumbprints = certificate == null ? new List() : new List { certificate.GetCertHash() };
+ CertificateThumbprints = certificate == null ? new List() : new List { certificate.GetCertHash(HashAlgorithmName.SHA512) };
 if (intermediates != null)
 {
 foreach (X509Certificate2 intermediate in intermediates)
 {
- CertificateThumbprints.Add(intermediate.GetCertHash());
+ CertificateThumbprints.Add(intermediate.GetCertHash(HashAlgorithmName.SHA512));
 }
 }
diff --git a/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.Protocol.cs b/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.Protocol.cs
index ea9d703399e391..22a3f91f9630fa 100644
--- a/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.Protocol.cs
+++ b/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.Protocol.cs
@@ -597,7 +597,7 @@ private bool AcquireClientCredentials(ref byte[]? thumbPrint, bool newCredential
 //
 // SECURITY: selectedCert ref if not null is a safe object that does not depend on possible **user** inherited X509Certificate type.
 //
- byte[]? guessedThumbPrint = selectedCert?.GetCertHash();
+ byte[]? guessedThumbPrint = selectedCert?.GetCertHash(HashAlgorithmName.SHA512);
 SafeFreeCredentials? cachedCredentialHandle = SslSessionsCache.TryCachedCredential(
 guessedThumbPrint,
 _sslAuthenticationOptions.EnabledSslProtocols,
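Review bot: `guessedThumbPrint` in AcquireClientCredentials (SslStream.Protocol.cs, hunk at -597) is only the lookup key passed to `SslSessionsCache.TryCachedCredential`; the code that stores a newly acquired credential, and whatever assigns the `ref thumbPrint` parameter, lie outside the hunk. If any store path still derives its key with the parameterless `GetCertHash()`, a lookup with the SHA-512 value would never match and every handshake would silently miss the cache, so all producers of the thumbprint should be confirmed as switched, ideally with a test asserting that a second handshake with the same certificate reuses the cached credential. The same check applies to the AcquireServerCredentials hunk at -743. Any key hashing or comparison code that assumes a 20-byte thumbprint (not visible here) should be reviewed as well.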
@@ -743,7 +743,7 @@ private bool AcquireServerCredentials(ref byte[]? thumbPrint)
 //
 // Note selectedCert is a safe ref possibly cloned from the user passed Cert object
 //
- byte[] guessedThumbPrint = selectedCert.GetCertHash();
+ byte[] guessedThumbPrint = selectedCert.GetCertHash(HashAlgorithmName.SHA512);
 bool sendTrustedList = _sslAuthenticationOptions.CertificateContext!.Trust?._sendTrustInHandshake ?? false;
 SafeFreeCredentials? cachedCredentialHandle = SslSessionsCache.TryCachedCredential(guessedThumbPrint,
 _sslAuthenticationOptions.EnabledSslProtocols,