From 9a834cff78e3f4e33b561304c83de717019f5a4d Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Tue, 5 Apr 2016 07:50:01 +0200 Subject: ssl: Remove default support for use of md5 in TLS 1.2 signature algorithms --- lib/ssl/doc/src/ssl.xml | 4 +--- lib/ssl/src/tls_v1.erl | 4 +--- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml index 17842c71ad..53d534ef19 100644 --- a/lib/ssl/doc/src/ssl.xml +++ b/lib/ssl/doc/src/ssl.xml @@ -548,13 +548,11 @@ fun(srp, Username :: string(), UserState :: term()) -> {sha, ecdsa}, {sha, rsa}, {sha, dsa}, -%% MD5 -{md5, rsa} ] The algorithms should be in the preferred order. Selected signature algorithm can restrict which hash functions - that may be selected. + that may be selected. Default support for {md5, rsa} removed in ssl-8.0

diff --git a/lib/ssl/src/tls_v1.erl b/lib/ssl/src/tls_v1.erl index 0cf6f88782..03cef633d5 100644 --- a/lib/ssl/src/tls_v1.erl +++ b/lib/ssl/src/tls_v1.erl @@ -298,9 +298,7 @@ default_signature_algs({3, 3} = Version) -> %% SHA {sha, ecdsa}, {sha, rsa}, - {sha, dsa}, - %% MD5 - {md5, rsa}], + {sha, dsa}], signature_algs(Version, Default); default_signature_algs(_) -> undefined. -- cgit v1.2.3