Join GitHub today
crypto/x509: replace MD5 in PEM encryption? #32777
That's not a change we can make unilaterally. It would make it impossible to decrypt PEM files encrypted by OpenSSL or by previous versions of Go.
Thankfully, it's not being used as a collision-resistant hash, but as a key derivation function, and MD5 is not broken for that purpose.
I will look into the spec to see if there's anything we can change.
I think that could be added as additional convenience functions in crypto/x509/pem_decrypt.go.