parameters offering below 80 bits of security are excluded. As a result RSA,
DSA and DH keys shorter than 1024 bits and ECC keys shorter than 160 bits
are prohibited. Any cipher suite using MD5 for the MAC is also prohibited. Any
-cipher suites using CCM with a 64 bit authentication tag are prohibited.
+cipher suites using CCM with a 64 bit authentication tag are prohibited. Note
+that signatures using SHA1 and MD5 are also forbidden at this level as they
+have less than 80 security bits.
=item B<Level 2>
alert.
Attempts to set certificates or parameters with insufficient security are
-also blocked. For example trying to set a certificate using a 512 bit RSA
-key using SSL_CTX_use_certificate() at level 1. Applications which do not
-check the return values for errors will misbehave: for example it might
-appear that a certificate is not set at all because it had been rejected.
+also blocked. For example trying to set a certificate using a 512 bit RSA key
+or a certificate with a signature with SHA1 digest at level 1 using
+SSL_CTX_use_certificate(). Applications which do not check the return values
+for errors will misbehave: for example it might appear that a certificate is
+not set at all because it had been rejected.
=head1 RETURN VALUES