If you're going to go through the trouble of changing the signature algorithm from MD5, choose a strong algorithm instead of another weak one. SHA1, although not as weak as MD5, is not recommended either. See this comment from NIST:
"NIST Comments on Cryptanalytic Attacks on SHA-1"
http://csrc.nist.gov/groups/ST/hash/statement.html

Basically, it says you should use the SHA2 family (SHA224, SHA256, SHA384, or SHA512).

# openssl.cnf
default_md = sha512

--
This message posted from opensolaris.org
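Added example, not part of the original post: a Python check that scans an openssl.cnf-style file for `default_md` in every section (the setting changed above) and flags MD5 or SHA1 values, since the key can appear in more than one section. The sample config, the section name `req_strong` and the function name `audit_default_md` are constructed for illustration, and the parser assumes `#` always starts a comment.

```python
import re

WEAK = {"md2", "md4", "md5", "sha", "sha1"}         # digests to flag
SHA2 = {"sha224", "sha256", "sha384", "sha512"}     # family recommended in the post

# Constructed sample config, not taken from any real system.
SAMPLE_CNF = """\
[ ca ]
default_ca = CA_default

[ CA_default ]
default_md = md5        # legacy setting

[ req ]
default_bits = 2048
default_md   = SHA1

[ req_strong ]
default_md = sha512
"""

def audit_default_md(text):
    """Return (section, digest, verdict) for every default_md line in text."""
    findings = []
    section = "default"  # label used here for keys before any [section] header
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not line:
            continue
        header = re.fullmatch(r"\[\s*([^\]]+?)\s*\]", line)
        if header:
            section = header.group(1)
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip() == "default_md":
            digest = value.strip().lower()
            if digest in WEAK:
                verdict = "weak"
            elif digest in SHA2:
                verdict = "ok"
            else:
                verdict = "review"  # unknown or indirect value: check by hand
            findings.append((section, digest, verdict))
    return findings

if __name__ == "__main__":
    for section, digest, verdict in audit_default_md(SAMPLE_CNF):
        print(f"[{section}] default_md = {digest}: {verdict}")
```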