Hi thanks for all the comments and suggestions, especially the ones I could understand
centos 7 yum upgrade openssl version gives: OpenSSL 1.0.2k-fips 26 Jan 2017 it looks like echo 'LegacySigningMDs md5' >> /etc/pki/tls/legacy-settings allows the reading of Md5 Client certificates (which are still being installed in "not released yet" phones) That is a week of my life I wont get back thanks again Stuart > On 27 Sep 2017, at 19:02, Michael Wojcik <michael.woj...@microfocus.com> > wrote: > >> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf >> Of Jochen Bern >> Sent: Wednesday, September 27, 2017 06:51 >> To: openssl-users@openssl.org >> Subject: Re: [openssl-users] Hardware client certificates moving to Centos 7 >> >> I don't know offhand which OpenSSL versions did away with MD5, but you >> *can* install an 0.9.8e (+ RHEL/CentOS backported security patches) >> straight off CentOS 7 repos: > > Ugh. No need for 0.9.8e (which is from, what, the early Industrial > Revolution?). MD5 is still available in OpenSSL 1.0.2, assuming it wasn't > disabled in the build configuration. I think Stuart is dealing with an > OpenSSL build that had MD5 disabled in the Configure step. > > Heck, MD4 and MDC2 are still available in 1.0.2 - even with the default > configuration, I believe. I'm looking at 1.0.2j here and it has GOST, MD4, > MD5, MDC2, RIPEMD-60, SHA, SHA1, SHA-2 (all standard lengths), and Whirlpool. > > That's just for digests, obviously; but the point is the MD5 support is still > there. And yes, 1.0.2j can handle certificates with md5WithRsaEncryption > signatures. > > -- > Michael Wojcik > Distinguished Engineer, Micro Focus > > > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > Dr Stuart Marsden Tel: +44 (0)1494 414100 Email: stu...@myphones.com <mailto:stu...@myphones.com>
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users