On 03/27/2014 02:43 PM, Nikos Mavrogiannopoulos wrote:
On Thu, 2014-03-27 at 13:12 +0100, Florian Weimer wrote:I had this change in mind: <http://marc.info/?l=openssl-cvs&m=124508133203041&w=2> I don't know if similar changes were applied to other libraries when we removed MD2 support.There was a similar issue in gnutls that was solved a few years ago, and I have not seen anything reported in NSS (which already restricts MD5 as signature algorithm). So I don't believe that there will be any issues with that.
Okay, great. I'll make a note to check JCE. -- Florian Weimer / Red Hat Product Security Team -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
