Prevent use of RSA+MD5 in TLS 1.2 by default.

Removing RSA+MD5 from the default signature algorithm list prevents its use by default. If a broken implementation attempts to use RSA+MD5 anyway the sanity checking of signature algorithms will cause a fatal alert. (cherry picked from commit 77a0f740d00ecf8f6b01c0685a2f858c3f65a3dd)
author: Dr. Stephen Henson <steve@openssl.org> 2013-10-15 13:37:01 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2013-10-20 22:07:33 +0100
commit: 3495842bb06fffd4c1032f224e5708295707a18e (patch)
tree: 3972edde183b7631a2ae72b492b1ee131556bee3 /ssl
parent: face65dab82debf993f61631db3c1cfffcda8234 (diff)
1 files changed, 1 insertions, 10 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index ced7b83381..dbd02e2f3f 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -876,9 +876,6 @@ static unsigned char tls12_sigalgs[] = {
 #ifndef OPENSSL_NO_SHA
 	tlsext_sigalg(TLSEXT_hash_sha1)
 #endif
-#ifndef OPENSSL_NO_MD5
-	tlsext_sigalg_rsa(TLSEXT_hash_md5)
-#endif
 };
 #ifndef OPENSSL_NO_ECDSA
 static unsigned char suiteb_sigalgs[] = {
@@ -921,13 +918,7 @@ size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs)
 	else
 		{
 		*psigs = tls12_sigalgs;
-#ifdef OPENSSL_FIPS
-		/* If FIPS mode don't include MD5 which is last */
-		if (FIPS_mode())
-			return sizeof(tls12_sigalgs) - 2;
-		else
-#endif
-			return sizeof(tls12_sigalgs);
+		return sizeof(tls12_sigalgs);
 		}
 	}
 /* Check signature algorithm is consistent with sent supported signature
author	Dr. Stephen Henson <steve@openssl.org>	2013-10-15 13:37:01 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2013-10-20 22:07:33 +0100
commit	3495842bb06fffd4c1032f224e5708295707a18e (patch)
tree	3972edde183b7631a2ae72b492b1ee131556bee3 /ssl
parent	face65dab82debf993f61631db3c1cfffcda8234 (diff)