Hi everyone, I'm upgrading a server application from using OpenSSL 1.0.2n to using OpenSSL 1.1.0g. I noticed that after the upgrade, some SSL certs get rejected because they use an MD5 digest, with the error: "SSL_CTX_use_certificate:ca md too weak"
While I could ask clients to get a better CA certificate, it takes some of them a long time to do so. I was wondering if there's a way I could compile/configure the OpenSSL on my server to accept those certificates after all. Does anyone know? I found links such as: https://mta.openssl.org/pipermail/openssl-users/2017-October/006670.html and https://www.spinics.net/lists/openssl-users/msg06669.html and a few others but they don't apply to my case I think. Also, if the client does find it possible to get re-generated certs, would it be both the client cert and the CA? Or just one of them? Thanks in advance! Best, Pratyush
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users