Don't use RSA+MD5 with TLS 1.2

Since the TLS 1.2 supported signature algorithms extension is less sophisticaed in OpenSSL 1.0.1 this has to be done in two stages. RSA+MD5 is removed from supported signature algorithms extension: any compliant implementation should never use RSA+MD5 as a result. To cover the case of a broken implementation using RSA+MD5 anyway disable lookup of MD5 algorithm in TLS 1.2.
2013-10-15 14:15:54 +01:00 · 2013-10-15 14:15:54 +01:00 · 5e1ff664f9
commit 5e1ff664f9
parent 833a896681
1 changed files with 0 additions and 16 deletions
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@ -342,19 +342,11 @@ static unsigned char tls12_sigalgs[] = {
 #ifndef OPENSSL_NO_SHA
 	tlsext_sigalg(TLSEXT_hash_sha1)
 #endif
-#ifndef OPENSSL_NO_MD5
-	tlsext_sigalg_rsa(TLSEXT_hash_md5)
-#endif
 };

 int tls12_get_req_sig_algs(SSL *s, unsigned char *p)
 	{
 	size_t slen = sizeof(tls12_sigalgs);
-#ifdef OPENSSL_FIPS
-	/* If FIPS mode don't include MD5 which is last */
-	if (FIPS_mode())
-		slen -= 2;
-#endif
 	if (p)
 		memcpy(p, tls12_sigalgs, slen);
 	return (int)slen;
@ -2452,14 +2444,6 @@ const EVP_MD *tls12_get_hash(unsigned char hash_alg)
 	{
 	switch(hash_alg)
 		{
-#ifndef OPENSSL_NO_MD5
-		case TLSEXT_hash_md5:
-#ifdef OPENSSL_FIPS
-		if (FIPS_mode())
-			return NULL;
-#endif
-		return EVP_md5();
-#endif
 #ifndef OPENSSL_NO_SHA
 		case TLSEXT_hash_sha1:
 		return EVP_sha1();