Is your feature request related to a problem? Please describe.
Fluent Bit currently contains a small number of SHA-1 and MD5 code paths.
Some MD5 usages are required for interoperability with external services (for example, cloud-provider APIs that mandate MD5-based integrity checks) and therefore cannot be removed without breaking compatibility.
The remaining SHA-1 usage appears to be limited primarily to legacy operations such as X.509 certificate fingerprint generation (for example, via X509_digest) rather than security-sensitive operations like authentication, digital signatures, or TLS certificate validation.
Although these usages do not present an immediate security vulnerability, both SHA-1 and MD5 are considered legacy cryptographic algorithms and are increasingly flagged by security scanners, compliance frameworks, and FIPS-oriented environments. Their presence often results in unnecessary compliance findings even when they are only used for non-security purposes.
Describe the solution you'd like
Deprecate SHA-1 and MD5 usage where possible, and prefer SHA-256 as the default when it does not impact protocol compatibility or interoperability.
This would reduce compliance findings while keeping Fluent Bit fully compatible with existing integrations.
Is your feature request related to a problem? Please describe.
Fluent Bit currently contains a small number of SHA-1 and MD5 code paths.
Some MD5 usages are required for interoperability with external services (for example, cloud-provider APIs that mandate MD5-based integrity checks) and therefore cannot be removed without breaking compatibility.
The remaining SHA-1 usage appears to be limited primarily to legacy operations such as X.509 certificate fingerprint generation (for example, via X509_digest) rather than security-sensitive operations like authentication, digital signatures, or TLS certificate validation.
Although these usages do not present an immediate security vulnerability, both SHA-1 and MD5 are considered legacy cryptographic algorithms and are increasingly flagged by security scanners, compliance frameworks, and FIPS-oriented environments. Their presence often results in unnecessary compliance findings even when they are only used for non-security purposes.
Describe the solution you'd like
Deprecate SHA-1 and MD5 usage where possible, and prefer SHA-256 as the default when it does not impact protocol compatibility or interoperability.
This would reduce compliance findings while keeping Fluent Bit fully compatible with existing integrations.