MD4 was DOA when APR was created. Can we please introduce SHA-2 and drop MD4 entirely in APR release 2.0.0?
If configuring for a FIPS ssl environment, we will also have to stub out MD5 entirely since it too is a prohibited algorithm. But it's common enough still today that I'm not in favor of dropping it from APR. There are just too many MD5 hashes our users still need to calculate. Bill
