-
-
Notifications
You must be signed in to change notification settings - Fork 449
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use md5 hashing for OpenSSL 3 #924
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it'd better do a top level feature detection. We can try create to create an md4
hasher and switch to md5
if it throws.
OpenSSL 1.1.1 can disable md4
via --no-md4
building options. [1]
OpenSSL 3.0 can enable md4
via legacy provider config option. [2]
And node.js can be built with LibreSSL, too.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you move the feature detection to the top level? So we don't have to detect it on every request.
done |
Any chance to get this merged? |
Has anyone tested this change on RH Linux? RH Linux enables FIPS and md5 isn't allowed on a FIPS compliant system. Updated: RHEL8 allows SHA256. |
Before this PR |
babel-loader is currently unusable on Fedora 36. The beta is due to release this month. I added some links in #934 about webpack approach in case of interest. |
Please check if the PR fulfills these requirements
What kind of change does this PR introduce? (Bug fix, feature, docs update, ...)
What is the current behavior? (You can also link to an open issue here)
#923
What is the new behavior?
Check
process.versions.openssl
instead ofprocess.versions.node
.Does this PR introduce a breaking change?