No, I can't verify on linux first because "managed computer". I'll look at OpenSSL now, my previous web search told me I would have to build from source. But I do want to keep going back to the original point... It can't be just me. Is it really impossible to make available a secure modern hash AND a backwards-compatible "mostly" secure older hash? As far as I know, sha2 as of today is only compromised theoretically, not practically. In the meantime, some Windows users are a little stuck.