2.04 is where this where this option appears. We upgraded to 2.06 and it works fine- can specify sha256 on server and see the new sha256 certs being accepted on client.
Follow-up question: do we need to update the back-end server certs that are signed sha-1?
We can SSO into ABAP and WAS, Java...with the back-ends still using sha-1 now. I'm a bit concerned that the Java and WAS with IE will be an issue in the future.