[CentOS-devel] Question on absence of SHA1 in OpenSSL 3.0/Centos 9 stream.

Mon Jul 25 14:43:24 UTC 2022
Josh Boyer <jwboyer at redhat.com>

On Mon, Jul 25, 2022 at 8:12 AM Nickolay Olshevsky <o.nickolay at gmail.com> wrote:
> Hi,
> Having SHA1 support removed from OpenSSL in CentOS 9 Stream, it is
> still displayed in the list of supported digests, via CLI `openssl dgst
> -list` and via library API calls like `EVP_get_digestbyname()` and
> `EVP_MD_do_all_sorted()`.
> However, in some cases it would be desirable to know whether a particular
> OpenSSL installation supports SHA1.
> So, the question: is it done this way intentionally and I should look
> for some workaround, or is it something to get fixed in further package
> updates?

In RHEL and CentOS Stream, this is largely done via the
crypto-policies package.  You will likely find this section relevant
to your question: