[Ach] Algorithm Check on Path Validation?

Martin Rublik martin.rublik at gmail.com
Tue Jan 28 14:54:52 CET 2014

On 28. 1. 2014 11:31, Rainer Hoerbe wrote:
> I could not perform practical research on this, except the observation that client certificates using RSA1024/MD5 seem to be happily accepted by a number of web servers. So any validation of my assumptions is very welcome.

Just for the MS IIS. According to
it looks like MD5 is deprecated after installation of KB 2862966, but it only
applies to:
-server authentication
-code signing
-time stamping

It does not apply to client authentication.

On the other hand it looks like that according to
http://technet.microsoft.com/en-us/library/dn375961.aspx it is possible to block
*all* certificates using MD5. I'll test and report back.


More information about the Ach mailing list