You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We add a new option on the configuratio which toggles the use of hash
algorithms that are deemed insecure. We default to disallowing insecure
hash algorithms, MD2 (which we don't support at all), MD5 and SHA-1.
When parsing signature algorithms we check whether it's being passed an
insecure hash algorithm, and whether we are configured to allow it or
not. If we don't allow it, we omit adding it, to ensure we never
advertise this capability.
0 commit comments