Executive Summary
Use of the SHA‑1 hashing algorithm is no longer supported due to cryptographic weaknesses and does not meet current security standards. Pega no longer supports the use of the SHA-1 algorithm after October 31st, 2026.
Java has removed support for SHA-1 TLS handshakes: see https://www.java.com/en/jre-jdk-cryptoroadmap.html.
Affected Areas
Pega recommends checking the following Pega Infinity components for references to external servers leveraging SHA-1 hashing algorithms:
- Connect rules, especially Connect-REST, Connect-HTTP, Connect-SOAP, and Connect-MQ
- Activity rules that leverage the above Connect rules
- Custom Activity Java steps or Rule-Utility-Function rules, that use custom Java code to establish https connections with external systems
- Data Pages configured to pull data over https from external sources
- Listeners that monitor external data over https
Impact
Clients must update their impacted systems by October 31st, 2026. If no action is taken, after this date:
- Connections relying on SHA‑1 will fail
- This might cause integration outages and possible production service disruptions
Immediate action you need to take if you are using SHA-1:
- For each of your servers relying on SHA-1 that connects to your Pega Infinity environments, update those servers to use a secure algorithm.
- Supported algorithms can be found here: Data-in-transit encryption in Pega Cloud
- For Algorithms no longer supported by Java: Configure Oracle's JDK and JRE Cryptographic Algorithms
If you have any questions or concerns, please raise a Cloud Assistance ticket (SR) in My Support Portal for GCS assistance.