As far as I remember, the use of MD5 is only allowed in TLS 1 for the specific
use within the PRF for key generation as the __combination__ of SHA-1 and MD5
is not considered weak usage. Use of MD5 elsewhere is still disallowed.
Carl
From:
On Fri, Jul 26, 2013, Carl Young wrote:
As far as I remember, the use of MD5 is only allowed in TLS 1 for the
specific use within the PRF for key generation as the __combination__ of
SHA-1 and MD5 is not considered weak usage. Use of MD5 elsewhere is still
disallowed.
It is also permitted
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Dr. Stephen Henson
Sent: Friday, July 26, 2013 7:39 AM
To: openssl-users@openssl.org
Subject: Re: Using MD5 certificates in OpenSSL FIPS
On Fri, Jul 26, 2013, Carl Young wrote
On Fri, Jul 26, 2013, Perrow, Graeme wrote:
If I do openssl x509 -in mycert.crt -text I see Signature Algorithm:
sha1WithRSAEncryption. There's no mention of MD5 here but since OpenSSL is
attempting to load it, I assume it's using the MD5-SHA1 combination. If that
*is* permitted, why am I
...@openssl.org [owner-openssl-us...@openssl.org] on
behalf of Perrow, Graeme [graeme.per...@sap.com]
Sent: 26 July 2013 14:10
To: openssl-users@openssl.org
Subject: RE: Using MD5 certificates in OpenSSL FIPS
If I do openssl x509 -in mycert.crt -text I see Signature Algorithm:
sha1WithRSAEncryption. There's