Use md5 hashing for OpenSSL 3

[pathmapper]

Please check if the PR fulfills these requirements

• Tests for the changes have been added (for bug fixes / features)
• Docs have been added / updated (for bug fixes / features)

What kind of change does this PR introduce? (Bug fix, feature, docs update, ...)

• Bugfix
• Feature
• Code style update (formatting, local variables)
• Refactoring (no functional changes, no api changes)
• Build related changes
• CI related changes
• Other... Please describe:

What is the current behavior? (You can also link to an open issue here)

#923

What is the new behavior?

Check process.versions.openssl instead of process.versions.node.

Does this PR introduce a breaking change?

• Yes
• No

[JLHwung]

I think it'd better do a top level feature detection. We can try create to create an md4 hasher and switch to md5 if it throws.

OpenSSL 1.1.1 can disable md4 via --no-md4 building options. [1]

OpenSSL 3.0 can enable md4 via legacy provider config option. [2]

And node.js can be built with LibreSSL, too.

[pathmapper]

@JLHwung is ba92115 what you are thinking about?

[JLHwung]

Can you move the feature detection to the top level? So we don't have to detect it on every request.

[pathmapper]

move the feature detection to the top level

done

[pathmapper]

Any chance to get this merged?

[sirin2639]

Has anyone tested this change on RH Linux? RH Linux enables FIPS and md5 isn't allowed on a FIPS compliant system.

Updated: RHEL8 allows SHA256.

[JLHwung]

Before this PR babel-loader uses md4 which is not FIPS compliant, too. We can open a new issue tracking how we should handle FIPS compliance.

[sonnyp]

babel-loader is currently unusable on Fedora 36. The beta is due to release this month.

I added some links in #934 about webpack approach in case of interest.