Hello Matt,
First of all, I don't understand your <having> condition, please may you explain it, what is meant for?
FYI, there are security flaws with SHA-1, so it is deprecated.
And normally, in Query activity, you should see only SHA-2 algorithms (in addition of MD5), so Sha256Digest(string) and Sha512Digest(string).
In the JSAPI, due to backwards compatibility, there are JS functions such as digestStrSha1 and sha1() but please use rather digestStrSha256 (string) (or 512).
Then, the time-out/SQL performance issue:
It is always better, for SQL engine performance, to have filter (where, having) on indexes columns, and if not, in "raw" data (without SQL functions such as uppercase, trim, date format manipulation, etc), so the SQL engine can optimize the execution plan.
In case of you can't, define SQL hint to do the having function after the other merge/hash joins in SQL. But it is a bit tricky, I recommend to analyze what you want to do with the having condition and rewrites it for avoiding the string manipulation/conversion.
Regards.
J-Serge