diff --git a/crypto/x509/algorithm.c b/crypto/x509/algorithm.c
index 7f904803d..75b3c8d8f 100644
--- a/crypto/x509/algorithm.c
+++ b/crypto/x509/algorithm.c
@@ -64,6 +64,15 @@
 #include "internal.h"
+/* Restrict the digests that are allowed in X509 certificates */
+static int x509_digest_nid_ok(const int digest_nid) {
+  switch (digest_nid) {
+    case NID_md4:
+    case NID_md5:
+      return 0;
+  }
+  return 1;
+}
 int x509_digest_sign_algorithm(EVP_MD_CTX *ctx, X509_ALGOR *algor) {
   EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx);
@@ -95,8 +104,10 @@ int x509_digest_sign_algorithm(EVP_MD_CTX *ctx, X509_ALGOR *algor) {
     return 0;
   }
+  const int digest_nid = EVP_MD_type(digest);
   int sign_nid;
-  if (!OBJ_find_sigid_by_algs(&sign_nid, EVP_MD_type(digest),
+  if (!x509_digest_nid_ok(digest_nid) ||
+      !OBJ_find_sigid_by_algs(&sign_nid, digest_nid,
                               EVP_PKEY_id(pkey))) {
     OPENSSL_PUT_ERROR(ASN1, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
     return 0;
@@ -126,6 +137,12 @@ int x509_digest_verify_init(EVP_MD_CTX *ctx, const X509_ALGOR *sigalg,
     return 0;
   }
+  /* Check for permitted digest algorithms */
+  if (!x509_digest_nid_ok(digest_nid)) {
+    OPENSSL_PUT_ERROR(ASN1, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
+    return 0;
+  }
   /* NID_undef signals that there are custom parameters to set. */
   if (digest_nid == NID_undef) {
     if (sigalg_nid == NID_rsassaPss) {
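Review bot: In x509_digest_verify_init the new `x509_digest_nid_ok(digest_nid)` check runs before the `digest_nid == NID_undef` branch, so for RSASSA-PSS the digest actually used comes from the encoded PSS parameters, not from `digest_nid`, and an MD5 hashAlgorithm in those parameters would not be caught here unless the PSS parameter decoder (outside this hunk) rejects it; the same denylist should be applied to the digest recovered from the parameters, or the comment should state that the parameter path is covered elsewhere. The helper is also a denylist despite the comment saying it "restricts the digests that are allowed": SHA-1 and any other digest the object table knows remain accepted, and `NID_undef` passes through by design, which is worth stating explicitly, e.g. `/* Reject MD4/MD5; NID_undef (parameterised schemes) and all other digests pass. */`, together with a `default:` arm in the switch. Reusing `ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED` for a deliberately forbidden digest also conflates "unknown combination" with "policy reject", which makes failures harder to diagnose; a dedicated reason code would be clearer. Both enclosing functions start and end outside the hunks shown.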