On Mon, Jul 25, 2022 at 8:12 AM Nickolay Olshevsky <o.nickolay at gmail.com> wrote: > > Hi, > > Having SHA1 support removed from the OpenSSL in Centos 9 stream, it is > still displayed in the list of supported digest, via CLI `openssl dgst > -list` and via library API calls like `EVP_get_digestbyname()` and > `EVP_MD_do_all_sorted()`. > > However, in some cases it would be desirable to know whether particular > OpenSSL installation supports SHA1. > > So, the question - is it done this way by intention and I should look > for some workaround, or it is something to get fixed in further package > updates? In RHEL and CentOS Stream, this is largely done via the crypto-policies package. You will likely find this section relevant to your question: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/considerations_in_adopting_rhel_9/assembly_security_considerations-in-adopting-rhel-9#ref_considerations-security-crypto_changes-to-security josh