OpenSSL MD5 verification disabled?
tmraz at redhat.com
Tue Mar 17 16:04:53 UTC 2015
On 17.3.2015 17:00, Richard Shaw wrote:
> I've got a new BZ report for my package TrustedQSL which uses OpenSSL to
> very a certificate used for uploading ham radio contacts to an online
> logbook. The system uses MD5 which appears to be disabled in F21+.
> I don't like the workaround specified in the BZ but I don't see an
> alternative so I would like to get some input from others who are better
> versed in how OpenSSL works.
there is no other workaround. And they should not use MD5 signed
certificates - they are insecure.
More information about the devel