Greetings, the OpenSSL 1.0.0a documentation is inconsistent:
1. EVP_DigestInit(3) reads, at the end (HISTORY): "OpenSSL 1.0 and later does not include the MD2 digest algorithm in the default configuration due to its security weaknesses." 2. md5(3) reads, at the end (HISTORY): "MD2(), MD2_Init(), MD2_Update() MD2_Final(), MD5(), MD5_Init(), MD5_Update() and MD5_Final() are available in all versions of SSLeay and OpenSSL." The latter should be changed before the next release to: "MD5(), MD5_Init(), MD5_Update() and MD5_Final() are available in all versions of SSLeay and OpenSSL. MD2(), MD2_Init(), MD2_Update(), MD2_Final() are available in all versions of SSLeay and OpenSSL, however, since OpenSSL 1.0, the default configuration does not include the MD2 digest algorithm due to its security weaknesses". Possibly and preferably, such HISTORY information should be consolidated on one and only one manual page, so that only one place needs to be changed. -- Matthias Andree ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
