author | Michael Brown <mcb30@ipxe.org> | 2020-06-16 23:17:21 +0100 |
---|---|---|
committer | Michael Brown <mcb30@ipxe.org> | 2020-06-16 23:41:43 +0100 |
commit | 7f2006a9ada4a326ac904a8719170227c8860e21 (patch) | |
tree | ad33157cb44761383bc71f81f92ea05a71578439 | |
parent | bb74f00512995f15bf61517fc039f32713e0af73 (diff) | |
[crypto] Disable MD5 as an OID-identifiable algorithm by default

Disable the use of MD5 as an OID-identifiable algorithm. Note that
the MD5 algorithm implementation will still be present in the build,
since it is used implicitly by various cryptographic components such
as HTTP digest authentication; this commit removes it only from the
list of OID-identifiable algorithms.

It would be appropriate to similarly disable the use of SHA-1 by
default, but doing so would break the use of OCSP since several OCSP
responders (including the current version of openca-ocspd) are not
capable of interpreting the hashAlgorithm field and so will fail if
the client uses any algorithm other than the configured default.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

-rw-r--r-- | src/config/crypto.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/config/crypto.h b/src/config/crypto.h index a87cf92..7c02517 100644 --- a/src/config/crypto.h +++ b/src/config/crypto.h @@ -22,7 +22,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); //#define CRYPTO_DIGEST_MD4 /** MD5 digest algorithm */ -#define CRYPTO_DIGEST_MD5 +//#define CRYPTO_DIGEST_MD5 /** SHA-1 digest algorithm */ #define CRYPTO_DIGEST_SHA1 |
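Review bot: The rationale for this default is missing from src/config/crypto.h itself: the `/** MD5 digest algorithm */` comment above the now commented-out `CRYPTO_DIGEST_MD5` and the comment above the still-enabled `#define CRYPTO_DIGEST_SHA1` say nothing about why one is off and the other on. Suggest extending the MD5 comment to state that it is disabled by default and that the define only controls whether MD5 is OID-identifiable (the implementation stays in the build for implicit users such as HTTP digest authentication), and adding a line to the SHA-1 comment that it remains enabled because some OCSP responders fail when the client uses a non-default hashAlgorithm. That keeps someone editing the config later from re-enabling MD5 or disabling SHA-1 without seeing the consequence described in the commit message.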