id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
34804	legacy_algorithm = 'sha1' removed in django4.0 but new algorithm is hardcoded	Awais Qureshi	nobody	"I am trying to upgrade from django32 to 42 and facing an issue in https://github.com/django/django/blob/3.2/django/core/signing.py#L124

in django32 it is like this

# RemovedInDjango40Warning.
 legacy_algorithm = 'sha1'

and in __init__ method it picks the value like this
`self.algorithm = algorithm or settings.DEFAULT_HASHING_ALGORITHM`

In django42  https://github.com/django/django/blob/4.2.4/django/core/signing.py#L204

algorithm getting value like this

self.algorithm = algorithm or ""sha256"" ( its a hardcoded value and can be pick via settings)

So here is my code I am using dump method to `signing.dumps(data_to_sign, salt=self.key_salt)` and it furthers call the `TimestampSigner` So I am not able to find any way to pass the `sha1` which is my current prod setting.

Last option for me is to override the class. 

since `DEFAULT_HASHING_ALGORITHM` is removed. So may be pass param from dumps.




"	Cleanup/optimization	closed	Core (Other)	4.2	Normal	invalid			Unreviewed	0	0	0	0	0	0