md2 support?

Martijn Koster m.koster at
Mon Dec 6 12:09:31 CET 2004

Hi all,

I ran into various certificate chains that gnutls cannot verify because
they use a Verisign CA certificate with an md2 hash, which is not
supported in gnutls, because there is no md2 support in libgcrypt.

This was previously reported by Luca Centamore, archived in
Werner Koch explained md2 support was removed because rfc1319 lists it
as licensed for PEM only, and because the algorithm is ancient and

I recalled hearing that RSA had later extended that license to "any
purpose", and after some searching I found this documented at Does this address Werner's
licensing concerns?

Now I know the use of MD2 is no longer recommended because of
weaknesses. But it seems wrong to restrict the ability to communicate
with SSL servers using those certificates solely because we know the
checksum algorithm is weak. For comparison, Mozilla's NSS does support
these certificates. Personally I would obtain certificates that wouldn't
have these issues, but obviously these certificates issued to third
parties are not something I can control.

I would therefore ask you to please reconsider adding md2-support back.


-- Martijn

More information about the Gcrypt-devel mailing list