CSPs of type PROV_RSA_SCHANNEL must support the CALG_SSL3_SHAMD5 hash type, in a manner compatible with the Microsoft base cryptographic provider.
SSL 3.0 and TLS 1.0 client authentication use the algorithm identifier CALG_SSL3_SHAMD5. The hash consists of a concatenation of a MD5 hash and a SHA hash and is signed with a RSA private key. CryptoAPI and the Microsoft providers support this with the hash type CALG_SSL3_SHAMD5. A handle to a hash value of this type is created with the CryptCreateHash function with CALG_SSL3_SHAMD5 in the Algid parameter. After a handle to the hash is obtained, the hash value is set with the CryptSetHashParam function. Calls to CryptHashData will fail with a handle to a hash of this type. Instead the data is hashed independently of this hash object with MD5 and SHA, the resulting hash values are then concatenated with the MD5 value leftmost and the SHA value rightmost. This will result in a 36 byte value (16 bytes + 20 bytes) which is set with CryptSetHashParam. The concatenated hash values are passed in the pbData parameter, and the HP_HASHVAL value must be passed in the dwParam parameter. Once the hash is set then a CryptSignHash is called to generate the signature. Finally a CryptDestroyHash is called to destroy the hash object.