From 9a834cff78e3f4e33b561304c83de717019f5a4d Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Tue, 5 Apr 2016 07:50:01 +0200
Subject: ssl: Remove default support for use of md5 in TLS 1.2 signature
 algorithms

---
 lib/ssl/doc/src/ssl.xml | 4 +---
 lib/ssl/src/tls_v1.erl  | 4 +---
 2 files changed, 2 insertions(+), 6 deletions(-)

(limited to 'lib')

diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index 17842c71ad..53d534ef19 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -548,13 +548,11 @@ fun(srp, Username :: string(), UserState :: term()) ->
 {sha, ecdsa},
 {sha, rsa},
 {sha, dsa},
-%% MD5
-{md5, rsa}
 ]</code>
 	
 	The algorithms should be in the preferred order.
 	Selected signature algorithm can restrict which hash functions
-	that may be selected.
+	that may be selected. Default support for {md5, rsa} removed in ssl-8.0
 	</p>
 	</item>
       </taglist>
diff --git a/lib/ssl/src/tls_v1.erl b/lib/ssl/src/tls_v1.erl
index 0cf6f88782..03cef633d5 100644
--- a/lib/ssl/src/tls_v1.erl
+++ b/lib/ssl/src/tls_v1.erl
@@ -298,9 +298,7 @@ default_signature_algs({3, 3} = Version) ->
 	       %% SHA
 	       {sha, ecdsa},
 	       {sha, rsa},
-	       {sha, dsa},
-	       %% MD5
-	       {md5, rsa}],
+	       {sha, dsa}],
     signature_algs(Version, Default);
 default_signature_algs(_) ->
     undefined.
-- 
cgit v1.2.3