diff --git a/include/crypto-headers.h b/include/crypto-headers.h
index 60737aa56..a23aaf86e 100644
--- a/include/crypto-headers.h
+++ b/include/crypto-headers.h
@@ -13,7 +13,6 @@
 #include <openssl/des.h>
 #include <openssl/rc4.h>
 #include <openssl/rc2.h>
-#include <openssl/md2.h>
 #include <openssl/md4.h>
 #include <openssl/md5.h>
 #include <openssl/sha.h>
@@ -39,7 +38,6 @@
 
 #include <hcrypto/evp.h>
 #include <hcrypto/des.h>
-#include <hcrypto/md2.h>
 #include <hcrypto/md4.h>
 #include <hcrypto/md5.h>
 #include <hcrypto/sha.h>
diff --git a/lib/hx509/crypto.c b/lib/hx509/crypto.c
index 77be4413a..26ae31602 100644
--- a/lib/hx509/crypto.c
+++ b/lib/hx509/crypto.c
@@ -149,11 +149,6 @@ const AlgorithmIdentifier _hx509_signature_md5_data = {
     { 6, rk_UNCONST(md5_oid_tree) }, rk_UNCONST(&null_entry_oid)
 };
 
-static const unsigned md2_oid_tree[] = { 1, 2, 840, 113549, 2, 2 };
-const AlgorithmIdentifier _hx509_signature_md2_data = {
-    { 6, rk_UNCONST(md2_oid_tree) }, rk_UNCONST(&null_entry_oid)
-};
-
 static const unsigned ecPublicKey[] ={ 1, 2, 840, 10045, 2, 1 };
 const AlgorithmIdentifier _hx509_signature_ecPublicKey = {
     { 6, rk_UNCONST(ecPublicKey) }, NULL
@@ -194,11 +189,6 @@ const AlgorithmIdentifier _hx509_signature_rsa_with_md5_data = {
     { 7, rk_UNCONST(rsa_with_md5_oid) }, NULL
 };
 
-static const unsigned rsa_with_md2_oid[] ={ 1, 2, 840, 113549, 1, 1, 2 };
-const AlgorithmIdentifier _hx509_signature_rsa_with_md2_data = {
-    { 7, rk_UNCONST(rsa_with_md2_oid) }, NULL
-};
-
 static const unsigned rsa_oid[] ={ 1, 2, 840, 113549, 1, 1, 1 };
 const AlgorithmIdentifier _hx509_signature_rsa_data = {
     { 7, rk_UNCONST(rsa_oid) }, NULL
@@ -1290,19 +1280,6 @@ static const struct signature_alg rsa_with_md5_alg = {
     rsa_create_signature
 };
 
-static const struct signature_alg rsa_with_md2_alg = {
-    "rsa-with-md2",
-    &asn1_oid_id_pkcs1_md2WithRSAEncryption,
-    &_hx509_signature_rsa_with_md2_data,
-    &asn1_oid_id_pkcs1_rsaEncryption,
-    &_hx509_signature_md2_data,
-    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
-    1230739889,
-    NULL,
-    rsa_verify_signature,
-    rsa_create_signature
-};
-
 static const struct signature_alg dsa_sha1_alg = {
     "dsa-with-sha1",
     &asn1_oid_id_dsa_with_sha1,
@@ -1355,19 +1332,6 @@ static const struct signature_alg md5_alg = {
     NULL
 };
 
-static const struct signature_alg md2_alg = {
-    "rsa-md2",
-    &asn1_oid_id_rsa_digest_md2,
-    &_hx509_signature_md2_data,
-    NULL,
-    NULL,
-    SIG_DIGEST,
-    0,
-    EVP_md2,
-    evp_md_verify_signature,
-    NULL
-};
-
 /*
  * Order matter in this structure, "best" first for each "key
  * compatible" type (type is ECDSA, RSA, DSA, none, etc)
@@ -1382,13 +1346,11 @@ static const struct signature_alg *sig_algs[] = {
     &rsa_with_sha1_alg,
     &pkcs1_rsa_sha1_alg,
     &rsa_with_md5_alg,
-    &rsa_with_md2_alg,
     &heim_rsa_pkcs1_x509,
     &dsa_sha1_alg,
     &sha256_alg,
     &sha1_alg,
     &md5_alg,
-    &md2_alg,
     NULL
 };
 
@@ -1844,10 +1806,6 @@ const AlgorithmIdentifier *
 hx509_signature_md5(void)
 { return &_hx509_signature_md5_data; }
 
-const AlgorithmIdentifier *
-hx509_signature_md2(void)
-{ return &_hx509_signature_md2_data; }
-
 const AlgorithmIdentifier *
 hx509_signature_ecPublicKey(void)
 { return &_hx509_signature_ecPublicKey; }
@@ -1880,10 +1838,6 @@ const AlgorithmIdentifier *
 hx509_signature_rsa_with_md5(void)
 { return &_hx509_signature_rsa_with_md5_data; }
 
-const AlgorithmIdentifier *
-hx509_signature_rsa_with_md2(void)
-{ return &_hx509_signature_rsa_with_md2_data; }
-
 const AlgorithmIdentifier *
 hx509_signature_rsa(void)
 { return &_hx509_signature_rsa_data; }
diff --git a/lib/hx509/ks_p11.c b/lib/hx509/ks_p11.c
index 52697f834..8258bd2e0 100644
--- a/lib/hx509/ks_p11.c
+++ b/lib/hx509/ks_p11.c
@@ -1139,7 +1139,6 @@ p11_printinfo(hx509_context context,
 		MECHNAME(CKM_SHA256, "sha256");
 		MECHNAME(CKM_SHA_1, "sha1");
 		MECHNAME(CKM_MD5, "md5");
-		MECHNAME(CKM_MD2, "md2");
 		MECHNAME(CKM_RIPEMD160, "ripemd-160");
 		MECHNAME(CKM_DES_ECB, "des-ecb");
 		MECHNAME(CKM_DES_CBC, "des-cbc");
diff --git a/lib/hx509/libhx509-exports.def b/lib/hx509/libhx509-exports.def
index 868bac724..6d7492d3d 100644
--- a/lib/hx509/libhx509-exports.def
+++ b/lib/hx509/libhx509-exports.def
@@ -198,10 +198,8 @@ EXPORTS
 	hx509_revoke_verify
 	hx509_set_error_string
 	hx509_set_error_stringv
-	hx509_signature_md2
 	hx509_signature_md5
 	hx509_signature_rsa
-	hx509_signature_rsa_with_md2
 	hx509_signature_rsa_with_md5
 	hx509_signature_rsa_with_sha1
 	hx509_signature_rsa_with_sha256
diff --git a/lib/hx509/tst-crypto-available2 b/lib/hx509/tst-crypto-available2
index b3f76e376..3b1ea6d6b 100644
--- a/lib/hx509/tst-crypto-available2
+++ b/lib/hx509/tst-crypto-available2
@@ -1,4 +1,3 @@
 2.16.840.1.101.3.4.2.1
 1.3.14.3.2.26
 1.2.840.113549.2.5
-1.2.840.113549.2.2
diff --git a/lib/hx509/version-script.map b/lib/hx509/version-script.map
index fbd1d0f73..b2b3d8213 100644
--- a/lib/hx509/version-script.map
+++ b/lib/hx509/version-script.map
@@ -201,10 +201,8 @@ HEIMDAL_X509_1.2 {
 		hx509_revoke_verify;
 		hx509_set_error_string;
 		hx509_set_error_stringv;
-		hx509_signature_md2;
 		hx509_signature_md5;
 		hx509_signature_rsa;
-		hx509_signature_rsa_with_md2;
 		hx509_signature_rsa_with_md5;
 		hx509_signature_rsa_with_sha1;
 		hx509_signature_rsa_with_sha256;