On Fri, Jul 26, 2013, Carl Young wrote: > As far as I remember, the use of MD5 is only allowed in TLS 1 for the > specific use within the PRF for key generation as the __combination__ of > SHA-1 and MD5 is not considered weak usage. Use of MD5 elsewhere is still > disallowed. >
It is also permitted with the MD5+SHA1 combined RSA signature again because the combination is not considered weak. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org