> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Jochen Bern > Sent: Wednesday, September 27, 2017 06:51 > To: openssl-users@openssl.org > Subject: Re: [openssl-users] Hardware client certificates moving to Centos 7 > > I don't know offhand which OpenSSL versions did away with MD5, but you > *can* install an 0.9.8e (+ RHEL/CentOS backported security patches) > straight off CentOS 7 repos:
Ugh. No need for 0.9.8e (which is from, what, the early Industrial Revolution?). MD5 is still available in OpenSSL 1.0.2, assuming it wasn't disabled in the build configuration. I think Stuart is dealing with an OpenSSL build that had MD5 disabled in the Configure step. Heck, MD4 and MDC2 are still available in 1.0.2 - even with the default configuration, I believe. I'm looking at 1.0.2j here and it has GOST, MD4, MD5, MDC2, RIPEMD-60, SHA, SHA1, SHA-2 (all standard lengths), and Whirlpool. That's just for digests, obviously; but the point is the MD5 support is still there. And yes, 1.0.2j can handle certificates with md5WithRsaEncryption signatures. -- Michael Wojcik Distinguished Engineer, Micro Focus -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
