Comment # 13 on bug 1209053 from Pedro Monreal Gonzalez

Created attachment 875923 [details]
Digests check in last Factory version

Hello, all.

I just took over maintainership of openssl from Otto. We are in the middle of
the FIPS certification round for SP6 and I run a test over all the digest algos
in both Factory and SP6 and all that should be blocked is already blocked. See
the attached 
 file. Note that sha1 is still allowed until the end of 2030, see [0]. For
sha1, we are implementing a way to disable it via crypto-policies and we will
ask the certifying laboratory to document that in the FIPS security policy.

Please, could you verify this on your end? TIA

[0]
https://csrc.nist.gov/news/2022/nist-transitioning-away-from-sha-1-for-all-apps