Openssl upgrade & md4 hashing

At MIT we recently upgraded our base image from a debian-buster image to a debian-bookworm image. This uncovered an incompatibility between the newer version of openssl and one of the hash digests that edx-platform is using, specifically this function.

Our older TLS library was the following:

ii  openssl                            1.1.1d-0+deb10u7             amd64        Secure Sockets Layer toolkit - cryptographic utility

And our upgraded version is:

ii  openssl                            3.0.11-1~deb12u2                        amd64        Secure Sockets Layer toolkit - cryptographic utility

Our research brought us to this GitHub issue, which we confirmed matches what we are seeing.

Basically, openssl + hashlib are saying that md4 is supported and available, but if you actually try to invoke openssl md4 you’ll get an error saying it is not available. This can be resolved by updating the openssl configuration to include ‘legacy’ digest functions, but in lieu of making a config change to an underlying library, we would propose updating the hash function to something a bit newer and more widely supported. We intend to open a PR in the coming days that implements this change.

Just wanted to share in case anyone else encounters a similar issue! Thanks!

-Mike Davidson
MIT Open Learning Engineering

Here’s the link to edx-platform PR: fix: replaced md4 with blake2b by Anas12091101 · Pull Request #34442 · openedx/edx-platform · GitHub

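Added example, not part of the original posts or of the edx-platform PR: a probe for the mismatch described in the first post (md4 listed by hashlib but failing when invoked under OpenSSL 3 without the legacy provider), next to a BLAKE2b-based replacement. The names `digest_status`, `short_digest` and `report` are hypothetical, and the 16-byte digest size is an assumption.

```python
import hashlib
import ssl


def digest_status(name):
    """Return (listed, usable): what hashlib advertises vs. what actually runs."""
    listed = name in hashlib.algorithms_available
    try:
        hashlib.new(name, b"probe")
        usable = True
    except ValueError:  # raised when no backend can actually supply the digest
        usable = False
    return listed, usable


def short_digest(data, digest_size=16):
    """Hypothetical replacement helper: BLAKE2b with a digest_size-byte output.

    hashlib uses CPython's bundled BLAKE2 code rather than OpenSSL, so the
    result does not depend on which OpenSSL providers are loaded. 16 bytes
    matches MD4's output length (an assumption about what callers expect).
    Values differ from MD4, so anything persisted under the old digest
    will no longer match.
    """
    if isinstance(data, str):
        data = data.encode("utf-8")
    return hashlib.blake2b(data, digest_size=digest_size).hexdigest()


def report(names=("md4", "blake2b")):
    """Build one status line per digest for a startup or CI check."""
    lines = [f"OpenSSL: {ssl.OPENSSL_VERSION}"]
    for name in names:
        listed, usable = digest_status(name)
        note = "  <-- listed but not usable" if listed and not usable else ""
        lines.append(f"{name}: listed={listed} usable={usable}{note}")
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
    print(short_digest("course-v1:Constructed+Sample+Key"))  # constructed input
```

Running it in both the old and the new base image shows whether md4 flips from usable to listed-only after the upgrade.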