diff --git a/java/ql/lib/change-notes/2023-08-15-add-dashes-to-sha-algorithms.md b/java/ql/lib/change-notes/2023-08-15-add-dashes-to-sha-algorithms.md
new file mode 100644
index 00000000000..c6b16d9f943
--- /dev/null
+++ b/java/ql/lib/change-notes/2023-08-15-add-dashes-to-sha-algorithms.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Modified the `getSecureAlgorithmName` predicate in `Encryption.qll` to also include `SHA-256` and `SHA-512`. Previously only the versions of the names without dashes were considered secure.
diff --git a/java/ql/lib/semmle/code/java/security/Encryption.qll b/java/ql/lib/semmle/code/java/security/Encryption.qll
index 88a1996ffd9..28d1f8c1f49 100644
--- a/java/ql/lib/semmle/code/java/security/Encryption.qll
+++ b/java/ql/lib/semmle/code/java/security/Encryption.qll
@@ -270,7 +270,7 @@ string getInsecureAlgorithmRegex() {
 string getASecureAlgorithmName() {
   result =
     [
-      "RSA", "SHA256", "SHA512", "CCM", "GCM", "AES(?![^a-zA-Z](ECB|CBC/PKCS[57]Padding))",
+      "RSA", "SHA-?256", "SHA-?512", "CCM", "GCM", "AES(?![^a-zA-Z](ECB|CBC/PKCS[57]Padding))",
       "Blowfish", "ECIES"
     ]
 }
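Review bot: `SHA-384` is still missing from the list on the added line, so the third standard SHA-2 digest name (a JCA `MessageDigest`/signature name alongside `SHA-256` and `SHA-512`) would continue to be classified as not secure even though its siblings now match in both dashed and undashed form; consider `"RSA", "SHA-?256", "SHA-?384", "SHA-?512", "CCM", "GCM", "AES(?![^a-zA-Z](ECB|CBC/PKCS[57]Padding))",`. The SHA-3 family (`SHA3-256`, `SHA3-512`) is likewise not matched by `SHA-?256`/`SHA-?512` because of the intervening `3`, which may or may not be intended. Whether the new optional-dash fragments can also match unintended substrings depends on how `getSecureAlgorithmRegex` anchors and joins these entries, which is outside this hunk, so a regression test with names such as `SHA-256withRSA` and `HmacSHA256` would be worth adding. The accompanying change note refers to `getSecureAlgorithmName`, but the predicate being modified is `getASecureAlgorithmName`.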