Allow disabling SHA1 based signatures

[MaxHearnden]

ECDSA+SHA1 and RSA+SHA1 can currently be used by Caddy to sign key exchanges when using TLS 1.2 and when SHA1 based signatures are preferred by the client.

Given that SHA256 or better is required for the TLS 1.2 ciphers currently used by default (TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256) it can be safe to conclude that legitimate users of a website support SHA256.

This would most likely be resolved by setting the SupportedSignatureAlgorithms in the certificate struct (https://pkg.go.dev/crypto/tls#Certificate)

[francislavoie]

I think we'll just not do anything, because Go 1.25 fixes that:

https://go.dev/doc/go1.25#cryptotlspkgcryptotls

SHA-1 signature algorithms are now disallowed in TLS 1.2 handshakes, per RFC 9155. They can be re-enabled with the GODEBUG setting tlssha1=1.

[mholt]

Ah yeah I noticed that today and was going to comment the same.