In most modes, TLS 1.2 uses a signature in the ServerKeyExchange message to prove ownership of the private key. (Note this is NOT related to SHA-1 certificates.) There is an extension, signature_algorithms, to negotiate which signature algorithms are acceptable. To reduce dependencies on SHA-1 and prepare for TLS 1.3's new ECDSA handling, we intend to remove ECDSA with SHA-1 and ECDSA with SHA-512, leaving only SHA-256 and SHA-384 for ECDSA.