Comment 13 for bug 1174499

> I suggest to just change MD5 to SHA1.
> ...
> According to the security and performance, SHA1 is the promising trade-off

Would it be possible to make it configurable? US Federal and a number of institutions with NIST like SOPs will want SHA256 or above. For them, its a question of compliance and not performance.