* Jason Ross: > To partially answer the first question anyway, a very quick and > likely imprecise check of my Debian default installation of openssl > contains the following 24 CA certs as using "md5WithRSAEncryption" > for the Signature Algorithm:
These are self-signatures and typically not checked. When these certificates are used as issuers, they can use SHA-1, and are not restricted to MD5. (Same comment applies to the certificates with MD2 self-signatures.) Only the CA knows if they still issue certificates with MD5 signatures. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
