On 10/06/2010 14:31, Simon Josefsson wrote:
> Thus the text in your document "many TLS implementations, OpenSSL,
> Network Security Services, and GNUTLS, have disabled support for MD2"
> may not be the entire story. GnuTLS "supports" MD2 even though it
> does not consider it secure. I can't speak for OpenSSL or NSS, but I
> suspect they implement MD2 too and can verify such digital hashes,
> even if they don't consider them secure.
OpenSSL implemented MD2 but has since disabled its use in digital signatures, and
generally attempting to look up a digest called "MD2" will fail.
The self-signed root CA issue was worked around by disabling the signature check
on the root CA by default, since it is redundant. The result is that a self-signed
trusted root can be signed using MD2withRSA but never subordinate CAs.
Dr Stephen N. Henson.
Core developer of the OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.co.uk/
Email: shenson(_at_)drh-consultancy(_dot_)co(_dot_)uk, PGP key: via homepage.
smime mailing list
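The policy Steve describes (the self-signed trust anchor's own signature is never verified, so an MD2withRSA root in the trust store still chains, while an MD2withRSA subordinate or end-entity certificate must fail) can be checked independently of any TLS library. The following is an added illustration, not OpenSSL's code or anything from the message: it models a chain as (subject, issuer, signature algorithm) records, treats the trust store as a set of root subject names, and flags MD2 wherever the signature would actually be verified. The certificate names and chains are constructed sample data; the OID 1.2.840.113549.1.1.2 is the standard md2WithRSAEncryption identifier.

```python
"""Chain-policy check modelled on OpenSSL's handling of MD2 signatures.

Rule implemented (from the mailing-list message):
  * the self-signed trusted root's signature is redundant and not verified,
    so an MD2withRSA signature on it is tolerated;
  * any other certificate in the chain needs its signature verified, and
    an MD2 digest lookup fails, so an MD2 signature there is a hard error.
"""
from dataclasses import dataclass

# md2WithRSAEncryption, by OpenSSL long name and by OID.
MD2_WITH_RSA_OID = "1.2.840.113549.1.1.2"
MD2_SIGNATURE_ALGORITHMS = {"md2WithRSAEncryption", MD2_WITH_RSA_OID}


@dataclass(frozen=True)
class Cert:
    """Minimal stand-in for an X.509 certificate (constructed, hypothetical)."""
    subject: str
    issuer: str
    sig_alg: str  # signature algorithm as OpenSSL long name or dotted OID


def is_self_signed(cert: Cert) -> bool:
    """Name-based self-signed test (the real check also verifies the key)."""
    return cert.subject == cert.issuer


def uses_md2(cert: Cert) -> bool:
    return cert.sig_alg in MD2_SIGNATURE_ALGORITHMS


def check_chain(chain: list[Cert], trusted_roots: set[str]) -> tuple[bool, list[str]]:
    """Evaluate a chain ordered leaf -> root.

    Returns (ok, problems). A problem is reported for every certificate whose
    signature would have to be verified with MD2. The final certificate is
    exempt only if it is self-signed AND present in the trust store, which is
    exactly the case where OpenSSL skips the signature check by default.
    """
    problems: list[str] = []
    last_index = len(chain) - 1
    for index, cert in enumerate(chain):
        trusted_anchor = (
            index == last_index
            and is_self_signed(cert)
            and cert.subject in trusted_roots
        )
        if trusted_anchor:
            # Trust comes from the store, not from this signature; skip it.
            continue
        if uses_md2(cert):
            problems.append(
                f"{cert.subject}: signed with {cert.sig_alg} by {cert.issuer}; "
                "MD2 digest lookup fails, signature cannot be verified"
            )
    return (not problems, problems)


# --- constructed sample data (not real certificates) ---------------------
TRUSTED_ROOTS = {"CN=Old Root CA"}

# Root self-signed with MD2, everything below it SHA-256: accepted.
CHAIN_ROOT_MD2 = [
    Cert("CN=www.example.test", "CN=Sub CA", "sha256WithRSAEncryption"),
    Cert("CN=Sub CA", "CN=Old Root CA", "sha256WithRSAEncryption"),
    Cert("CN=Old Root CA", "CN=Old Root CA", "md2WithRSAEncryption"),
]

# Subordinate CA signed with MD2 (given by OID): rejected.
CHAIN_SUB_MD2 = [
    Cert("CN=www.example.test", "CN=Sub CA", "sha256WithRSAEncryption"),
    Cert("CN=Sub CA", "CN=Old Root CA", MD2_WITH_RSA_OID),
    Cert("CN=Old Root CA", "CN=Old Root CA", "md2WithRSAEncryption"),
]

# Self-signed MD2 root that is NOT in the trust store: its signature would
# need verifying, so it is rejected too.
CHAIN_UNTRUSTED_ROOT_MD2 = [
    Cert("CN=www.example.test", "CN=Rogue Root", "sha256WithRSAEncryption"),
    Cert("CN=Rogue Root", "CN=Rogue Root", "md2WithRSAEncryption"),
]


if __name__ == "__main__":
    for name, chain in [
        ("root-md2", CHAIN_ROOT_MD2),
        ("sub-md2", CHAIN_SUB_MD2),
        ("untrusted-root-md2", CHAIN_UNTRUSTED_ROOT_MD2),
    ]:
        ok, problems = check_chain(chain, TRUSTED_ROOTS)
        print(name, "OK" if ok else "REJECT", problems)
```

The exemption is deliberately narrow: only the last certificate, only when self-signed, and only when its subject is in the trust store. A self-signed MD2 certificate that is not a configured anchor gets no special treatment, which matches the message's point that the root's signature is skipped because it is redundant given the trust store, not because MD2 is acceptable.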