RFC 6960 updates OCSP validation algorithm to SHA256

[Sprinterfreak]

cryptography.io states

SHA256 is in this example because while RFC 5019 originally
required SHA1 RFC 6960 updates that to SHA256.
However, depending on your requirements you may need to use SHA1
for compatibility reasons.

Is there any reason, why we still default to sha1?

Quick tests with validate_ocsp: 'sha256' did not indicate any issues for me so far.

[Kishi85]

The reason is simple: The OCSP request spec is still based on RFC5019 and RFC6950 does not obsolete or update that (see https://datatracker.ietf.org/doc/html/rfc6960).

RFC5019 explicitly states that "Clients MUST use SHA1 as the hashing algorithm for the CertID.issuerNameHash and the CertID.issuerKeyHash values." (see https://datatracker.ietf.org/doc/html/rfc5019#section-2.1.1) and thats where the default comes from.

RFC6960 only states that an OCSP client has to be capable of processing responses signed with sha256 and should be able to process sha1 as well (see https://datatracker.ietf.org/doc/html/rfc6960#section-4.3). So IHMO the information on cryptography.io might just be a misunderstanding?

Anyway as long as RFC5019 is the leading standard there is no reason to update this default and cause potential breakage or problems.