diff --git a/akka-bbb-apps/src/main/scala/org/bigbluebutton/core/apps/breakout/BreakoutApp2x.scala b/akka-bbb-apps/src/main/scala/org/bigbluebutton/core/apps/breakout/BreakoutApp2x.scala
index 022bf5fd3b641c9f9c01856c7ed0012c2fa3e3b9..312fb59e105b3d4bf5135d949623bb7671cf78e3 100755
--- a/akka-bbb-apps/src/main/scala/org/bigbluebutton/core/apps/breakout/BreakoutApp2x.scala
+++ b/akka-bbb-apps/src/main/scala/org/bigbluebutton/core/apps/breakout/BreakoutApp2x.scala
@@ -42,7 +42,7 @@ object BreakoutRoomsUtil {
   //checksum() -- Return a checksum based on SHA-1 digest
   //
   def checksum(s: String): String = {
-    DigestUtils.sha1Hex(s);
+    DigestUtils.sha256Hex(s);
   }
 
   def calculateChecksum(apiCall: String, baseString: String, sharedSecret: String): String = {
diff --git a/bbb-common-web/src/main/java/org/bigbluebutton/api/ParamsProcessorUtil.java b/bbb-common-web/src/main/java/org/bigbluebutton/api/ParamsProcessorUtil.java
index bb30401ef7e327de04e01acac00bf65b6d98bcd0..245fd257f71e9e7d52ac6de243f921d05e717968 100755
--- a/bbb-common-web/src/main/java/org/bigbluebutton/api/ParamsProcessorUtil.java
+++ b/bbb-common-web/src/main/java/org/bigbluebutton/api/ParamsProcessorUtil.java
@@ -678,8 +678,15 @@ public class ParamsProcessorUtil {
 			log.warn("Security is disabled in this service. Make sure this is intentional.");
 			return true;
 		}
-        
-		String cs = DigestUtils.shaHex(meetingID + configXML + securitySalt);
+
+		log.info("CONFIGXML CHECKSUM=" + checksum + " length=" + checksum.length());
+
+		String data = meetingID + configXML + securitySalt;
+		String cs = DigestUtils.sha1Hex(data);
+		if (checksum.length() == 64) {
+			cs = DigestUtils.sha256Hex(data);
+			log.info("CONFIGXML SHA256 " + cs);
+		}
 
 		if (cs == null || cs.equals(checksum) == false) {
 			log.info("checksumError: configXML checksum. our: [{}], client: [{}]", cs, checksum);
@@ -704,8 +711,14 @@ public class ParamsProcessorUtil {
 		    queryString = queryString.replace("checksum=" + checksum, "");
 		}
 
-		String cs = DigestUtils.shaHex(apiCall + queryString + securitySalt);
+		log.info("CHECKSUM=" + checksum + " length=" + checksum.length());
 
+		String data = apiCall + queryString + securitySalt;
+		String cs = DigestUtils.sha1Hex(data);
+		if (checksum.length() == 64) {
+			cs = DigestUtils.sha256Hex(data);
+			log.info("SHA256 " + cs);
+		}
 		if (cs == null || cs.equals(checksum) == false) {
 			log.info("query string after checksum removed: [{}]", queryString);
 			log.info("checksumError: query string checksum failed. our: [{}], client: [{}]", cs, checksum);