RC4-MD5

On Wed, Jul 8, 2015 at 1:24 PM, Rajeswari K <raji.kotamraju at gmail.com> wrote:
> Hello Openssl team,
>
> We are currently facing an issue with RC4-MD5 cipher suite after upgrading
> from openssl0.9.8q to openssl1.0.1j.
>
> We see that on a few platforms, RC4-MD5 cipher negotiation is returning a bad
> mac record error after receiving "Client Key Exchange" message.

I've seen it the other way: 0.9.8 produces a bad mac; while 1.0 clears
the issue.

> Currently we are using proprietary md5 functions with following
> configuration.
>
> ...
>  Is there any consideration for MD5 based on platform bits? Can anyone
> share?

Just bike shedding, but these are the two ciphers that browsers are
targeting for deprecation. See, for example,
https://www.google.com/search?q=obsolete+cryptography+warning+chrome.

The time might be better spent on avoiding both RC4 and MD5. That will
keep your users out of those browser security UX prompts that they
don't know how to answer.

But like I said, it's just bike shedding.

