<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Hi<div class=""><br class=""></div><div class="">thanks for all the comments and suggestions, especially the ones I could understand</div><div class=""><br class=""></div><div class="">centos 7</div><div class="">yum upgrade</div><div class=""><br class=""></div><div class=""><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">openssl version gives:</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">OpenSSL 1.0.2k-fips  26 Jan 2017</span></div></div><div class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div><div class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div><div class=""><span style="font-variant-ligatures: no-common-ligatures" class="">it looks like </span></div><div class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div><div class=""><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">echo 'LegacySigningMDs md5' >> /etc/pki/tls/legacy-settings</span></div></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">allows the reading of Md5 Client certificates (which are still being installed in "not released yet" phones)</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">That is a week of my life I wont get back</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">thanks again</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Stuart</span></div><div class=""><br class=""></div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On 27 Sep 2017, at 19:02, Michael Wojcik <<a href="mailto:Michael.Wojcik@microfocus.com" class="">Michael.Wojcik@microfocus.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class=""><blockquote type="cite" class="">From: openssl-users [<a href="mailto:openssl-users-bounces@openssl.org" class="">mailto:openssl-users-bounces@openssl.org</a>] On Behalf<br class="">Of Jochen Bern<br class="">Sent: Wednesday, September 27, 2017 06:51<br class="">To: <a href="mailto:openssl-users@openssl.org" class="">openssl-users@openssl.org</a><br class="">Subject: Re: [openssl-users] Hardware client certificates moving to Centos 7<br class=""><br class="">I don't know offhand which OpenSSL versions did away with MD5, but you<br class="">*can* install an 0.9.8e (+ RHEL/CentOS backported security patches)<br class="">straight off CentOS 7 repos:<br class=""></blockquote><br class="">Ugh. No need for 0.9.8e (which is from, what, the early Industrial Revolution?). MD5 is still available in OpenSSL 1.0.2, assuming it wasn't disabled in the build configuration. I think Stuart is dealing with an OpenSSL build that had MD5 disabled in the Configure step.<br class=""><br class="">Heck, MD4 and MDC2 are still available in 1.0.2 - even with the default configuration, I believe. I'm looking at 1.0.2j here and it has GOST, MD4, MD5, MDC2, RIPEMD-60, SHA, SHA1, SHA-2 (all standard lengths), and Whirlpool.<br class=""><br class="">That's just for digests, obviously; but the point is the MD5 support is still there. And yes, 1.0.2j can handle certificates with md5WithRsaEncryption signatures.<br class=""><br class="">-- <br class="">Michael Wojcik <br class="">Distinguished Engineer, Micro Focus <br class=""><br class=""><br class=""><br class="">-- <br class="">openssl-users mailing list<br class="">To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" class="">https://mta.openssl.org/mailman/listinfo/openssl-users</a><br class=""><br class=""></div></div></blockquote></div><br class=""><div class="">
<br class="">
<big class=""><big class="">Dr Stuart Marsden</big></big><br class="">
<b class="">Tel:</b>  +44 (0)1494 414100 <br class="">
<b class="">Email:</b>  <a href="mailto:stuart@myPhones.com" class="">stuart@myPhones.com</a>
<br class="">
<br class=""> <img alt="Altos Banner" src="http://provision.myphones.net/emailfooter2.png" class="">


</div>
<br class=""></div></body></html>