1

I have a call to a 3rd party webservice that uses HTTPS for transport security.

The 3rd party are due to upgrade their certificate to SHA-2, withdrawing SHA-1. Does my call need to be able to use TLS 1.2 to continue connecting, or can TLS 1.1 or below interact with SHA-2 certificates?

Kris C

1 Answer

2

The digital signature of the X.509 certificate has no impact on TLS. It's the former that is changing from SHA-1 to SHA-256 as part of the SHA-1 deprecation programme.

It is true that TLS has an HMAC within it that uses the SHA algorithm and TLS 1.1 does not use SHA-256 for this, but that's completely different to the X.509 certificate with SHA-256 digital signatures which your 3rd party will be upgrading to.

garethTheRed
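
Added example, not part of the original answer: the signature hash discussed above is a field inside the certificate itself, so it can be read from the certificate alone, with no reference to any TLS version. The function names and the skeleton built by `sample_cert` are constructed for illustration.

```python
import base64
# Certificate signature-algorithm OIDs mapped to the hash they use.
SIG_HASH = {
    "1.2.840.113549.1.1.5": "sha1",      # sha1WithRSAEncryption
    "1.2.840.113549.1.1.11": "sha256",   # sha256WithRSAEncryption
    "1.2.840.10045.4.1": "sha1",         # ecdsa-with-SHA1
    "1.2.840.10045.4.3.2": "sha256",     # ecdsa-with-SHA256
}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                 # last byte of this arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def cert_signature_hash(cert):
    """Hash used in an X.509 signature; accepts PEM text or DER bytes."""
    if isinstance(cert, str):            # PEM: drop armor lines, decode base64
        cert = base64.b64decode("".join(
            l for l in cert.splitlines() if not l.startswith("-----")))
    tag, body, _ = read_tlv(cert, 0)     # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER certificate")
    _, _, pos = read_tlv(body, 0)        # skip tbsCertificate
    _, alg, _ = read_tlv(body, pos)      # signatureAlgorithm
    tag, oid, _ = read_tlv(alg, 0)       # its algorithm OID
    if tag != 0x06:
        raise ValueError("expected OID")
    dotted = decode_oid(oid)
    return SIG_HASH.get(dotted, "unknown (" + dotted + ")")

def sample_cert(oid_hex):
    """Constructed skeleton with a certificate's outer layout (not a real cert)."""
    tlv = lambda tag, body: bytes([tag, len(body)]) + body
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + tlv(0x05, b""))
    return tlv(0x30, tlv(0x30, b"") + alg + tlv(0x03, b"\x00"))
```

For a live endpoint, the PEM string returned by Python's `ssl.get_server_certificate((host, 443))` can be passed to `cert_signature_hash` directly, where `host` is a placeholder for the service's hostname.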