Seeing a message in a different forum for a different product, I have discovered a workaround.
Edit /lib/python2.7/site-packages/suricata/update/main.py in three locations where hashlib.md5 is called. add ,usedforsecurity=False then the script appears to run correctly.
Example: hashlib.md5(url.encode(“utf-8”),usedforsecurity=False).hexdigest()
I would HIGHLY recommend making a backup copy of the py script prior to editing it, just in case…