OpenSSL MD5 verification disabled?
Tomas Mraz
tmraz at redhat.com
Tue Mar 17 16:04:53 UTC 2015
On 17.3.2015 17:00, Richard Shaw wrote:
> I've got a new BZ report for my package TrustedQSL which uses OpenSSL to
> very a certificate used for uploading ham radio contacts to an online
> logbook. The system uses MD5 which appears to be disabled in F21+.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1202157
>
> I don't like the workaround specified in the BZ but I don't see an
> alternative so I would like to get some input from others who are better
> versed in how OpenSSL works.
Hi,
there is no other workaround. And they should not use MD5 signed
certificates - they are insecure.
Regards,
Tomas Mraz
More information about the devel
mailing list