MD5, MD4, and SHA0 as the signing algorithms in *OpenSSL* disabled
With this update, support for the verification of MD4, and SHA0 signatures in certificates, Certificate Revocation Lists (CRL) and message signatures is removed in addition to already removed support for the verification of MD5.
Also the default for generating digital signatures is changed from SHA1 to SHA256 as SHA1 should not be used for digital signatures of certificates and other data after 2016. The verification of SHA1 signatures is still enabled for legacy purposes but might be disabled in future releases.
The system administrator can enable MD5, MD4, or SHA0 support by modifying the "LegacySigningMDs" option in the `etc/pki/tls/legacy-settings` policy configuration file, for example:
echo 'LegacySigningMDs md5' >> /etc/pki/tls/legacy-settings
You can also enable the MD5 verification by setting the "OPENSSL_ENABLE_MD5_VERIFY" environment variable.