Hi,
Having SHA1 support removed from the OpenSSL in Centos 9 stream, it is still displayed in the list of supported digest, via CLI `openssl dgst -list` and via library API calls like `EVP_get_digestbyname()` and `EVP_MD_do_all_sorted()`.
However, in some cases it would be desirable to know whether particular OpenSSL installation supports SHA1.
So, the question - is it done this way by intention and I should look for some workaround, or it is something to get fixed in further package updates?
Thanks!
On Mon, Jul 25, 2022 at 8:12 AM Nickolay Olshevsky o.nickolay@gmail.com wrote:
Hi,
Having SHA1 support removed from the OpenSSL in Centos 9 stream, it is still displayed in the list of supported digest, via CLI `openssl dgst -list` and via library API calls like `EVP_get_digestbyname()` and `EVP_MD_do_all_sorted()`.
However, in some cases it would be desirable to know whether particular OpenSSL installation supports SHA1.
So, the question - is it done this way by intention and I should look for some workaround, or it is something to get fixed in further package updates?
In RHEL and CentOS Stream, this is largely done via the crypto-policies package. You will likely find this section relevant to your question:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/htm...
josh