5f43a7
diff -r 699541a7793b lib/pk11wrap/pk11pars.c
1b57e1
--- a/lib/pk11wrap/pk11pars.c	2021-04-16 14:43:41.668835607 -0700
1b57e1
+++ b/lib/pk11wrap/pk11pars.c	2021-04-16 14:43:50.585888411 -0700
1b57e1
@@ -324,11 +324,11 @@ static const oidValDef curveOptList[] =
5f43a7
 static const oidValDef hashOptList[] = {
5f43a7
     /* Hashes */
5f43a7
     { CIPHER_NAME("MD2"), SEC_OID_MD2,
1b57e1
-      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE },
5f43a7
+      0 },
5f43a7
     { CIPHER_NAME("MD4"), SEC_OID_MD4,
1b57e1
-      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE },
5f43a7
+      0 },
5f43a7
     { CIPHER_NAME("MD5"), SEC_OID_MD5,
1b57e1
-      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE },
5f43a7
+      0 },
5f43a7
     { CIPHER_NAME("SHA1"), SEC_OID_SHA1,
1b57e1
       NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE },
5f43a7
     { CIPHER_NAME("SHA224"), SEC_OID_SHA224,
5f43a7
diff -r 699541a7793b lib/util/secoid.c
5f43a7
--- a/lib/util/secoid.c	Tue Jun 16 23:03:22 2020 +0000
5f43a7
+++ b/lib/util/secoid.c	Thu Jun 25 14:33:09 2020 +0200
5f43a7
@@ -2042,6 +2042,19 @@
5f43a7
             int i;
5f43a7
 
5f43a7
             for (i = 1; i < SEC_OID_TOTAL; i++) {
5f43a7
+                switch (i) {
5f43a7
+                case SEC_OID_MD2:
5f43a7
+                case SEC_OID_MD4:
5f43a7
+                case SEC_OID_MD5:
5f43a7
+                case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
5f43a7
+                case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION:
5f43a7
+                case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
5f43a7
+                case SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC:
5f43a7
+                case SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC:
5f43a7
+                    continue;
5f43a7
+                default:
5f43a7
+                    break;
5f43a7
+                }
5f43a7
                 if (oids[i].desc && strstr(arg, oids[i].desc)) {
5f43a7
                     xOids[i].notPolicyFlags = notEnable |
5f43a7
                                               (xOids[i].notPolicyFlags & ~(DEF_FLAGS));