|
|
|
|
|
|
by hannob
2188 days ago
|
|
|
> Apparently TLS already concatenates MD5 and SHA1 [2][3]. Luckily TLS no longer does such things. This was a bad workaround in old versions of TLS. Which they then replaced by a "you can use secure or insecure hash functions, you choose" in TLS 1.2 (which is hard to excuse - at the time TLS 1.2 was written the weaknesses in SHA1 and MD5 were well known). In TLS 1.3 finally they did the right thing and only support secure hash functions. |
|
|