In a Java servlet, when the WWW-Authenticate header for digest authentication is sent with SHA-256, the client does not return a result.

Asked 2 years ago, Updated 2 years ago, 1017 views

We are developing a WebAPI for Digest authentication, but if you set the message digest algorithm to SHA-256, the client side will crash.
Is there something wrong with the server implementation?

Language: Java, Server: Tomcat 7.0
OS: Windows 10 (for both server and client)

Digest authentication implements WWW-Authenticate header transmission and Authorization header reception in servlets, rather than authentication settings with configuration files such as tomcat web.xml, server.xml, and tomcat-users.xml.
If you use MD5 as the algorithm for the digest, authentication is successful, but if you change it to SHA-256 because it is deprecated, the client will not return any results after sending the WWW-Authenticate header.

Example WWW-Authenticate Header Sent

WWW-Authenticate: Digest realm="example.com", qop=auth, nonce="f5d6eeccc66664731c72e3300d3dfadf", opaque="56b2ea6d037b522661a3719ec48b7d9a", algorithm=SHA-256

※ algorithm=MD5 will succeed

Client-side behavior

  • For browsers
    Error with HTTP status 401, without displaying the user/password dialog.
    Looking at the communication in the developer tools, the WWW-Authenticate header appears to have been received, but no Authorization header appears to be generated.

  • For the curl command
    curl -v -k --digest --user "user:password" "url"
    curl exits with an "out of memory" message after receiving the WWW-Authenticate header.

java http tomcat java-ee

2022-09-30 21:58

1 Answer

According to English Wikipedia,

However, as of July 2021, none of popular browsers, including Firefox [1] and Chrome, [2] support SHA-256 as the hash function.

Therefore, there seems to be no (major) implementation that supports it.
(appears to be compatible but (#1018))


2022-09-30 21:58
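
Added example (not from the question or the answer): RFC 7616 allows a server to send one WWW-Authenticate challenge per algorithm, most preferred first, so a client without SHA-256 support can answer the MD5 one. The Java code below builds both challenge values and verifies the response under whichever algorithm the client reports. The class and method names, the /api URI, the nc and cnonce values and the credentials are constructed for illustration, and whether a particular client skips the SHA-256 challenge cleanly is an assumption to test against that client.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;

public class DigestDualChallenge {                                   // hypothetical class name
    static final List<String> ALLOWED = Arrays.asList("SHA-256", "MD5"); // preference order
    static String h(String alg, String s) throws Exception {
        byte[] d = MessageDigest.getInstance(alg).digest(s.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02x", b));
        return sb.toString();
    }
    // One value per algorithm; in the servlet, call response.addHeader("WWW-Authenticate", v) for each.
    static List<String> challenges(String realm, String nonce, String opaque) {
        List<String> out = new ArrayList<>();
        for (String alg : ALLOWED)
            out.add("Digest realm=\"" + realm + "\", qop=\"auth\", algorithm=" + alg
                    + ", nonce=\"" + nonce + "\", opaque=\"" + opaque + "\"");
        return out;
    }
    // qop=auth response: H(HA1:nonce:nc:cnonce:qop:HA2), HA1=H(user:realm:password), HA2=H(method:uri)
    static String response(String alg, Map<String, String> p, String method, String password) throws Exception {
        String ha1 = h(alg, p.get("username") + ":" + p.get("realm") + ":" + password);
        String ha2 = h(alg, method + ":" + p.get("uri"));
        return h(alg, ha1 + ":" + p.get("nonce") + ":" + p.get("nc") + ":" + p.get("cnonce") + ":auth:" + ha2);
    }

    // p = parameters parsed from the Authorization header; an absent algorithm means MD5.
    // Checking that realm/nonce were issued by this server and that nc increases is not shown.
    static boolean verify(Map<String, String> p, String method, String password) throws Exception {
        String alg = p.getOrDefault("algorithm", "MD5");
        if (!ALLOWED.contains(alg) || !"auth".equals(p.get("qop"))) return false;
        byte[] want = response(alg, p, method, password).getBytes(StandardCharsets.US_ASCII);
        byte[] got = String.valueOf(p.get("response")).toLowerCase(Locale.ROOT).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(want, got);                     // constant-time comparison
    }

    public static void main(String[] args) throws Exception {
        String nonce = "f5d6eeccc66664731c72e3300d3dfadf", opaque = "56b2ea6d037b522661a3719ec48b7d9a"; // from the question
        for (String v : challenges("example.com", nonce, opaque)) System.out.println("WWW-Authenticate: " + v);
        for (String alg : ALLOWED) {                                 // simulate a client answering each challenge
            Map<String, String> p = new HashMap<>();
            p.put("username", "user"); p.put("realm", "example.com"); p.put("uri", "/api");
            p.put("nonce", nonce); p.put("nc", "00000001"); p.put("cnonce", "0a4f113b"); p.put("qop", "auth");
            p.put("algorithm", alg);
            p.put("response", response(alg, p, "GET", "password"));
            System.out.println(alg + " verified: " + verify(p, "GET", "password"));
        }
    }
}
```

Keeping MD5 in the allowed list means a client that only understands MD5 still authenticates with MD5; removing it from `ALLOWED` turns the fallback off once clients support SHA-256.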
