On 03/27/2014 02:43 PM, Nikos Mavrogiannopoulos wrote:
On Thu, 2014-03-27 at 13:12 +0100, Florian Weimer wrote:
> I had this change in mind:
> I don't know if similar changes were applied to other libraries when we
> removed MD2 support.
There was a similar issue in gnutls that was solved a few years ago, and
I have not seen anything reported in NSS (which already restricts MD5 as
signature algorithm). So I don't believe that there will be any issues
I'll make a note to check JCE.
Florian Weimer / Red Hat Product Security Team