freeipa

Clone
Source Code
GIT

ecc08e3 Use AES-128-CBC for PKCS#12 encryption when creating files (FIPS)

Authored and Committed by rcritten 4 years ago
raw patch tree parent
1 file changed. 2 lines added. 0 lines removed.
ipapython/certdb.py
file modified
+2 -0 
    Use AES-128-CBC for PKCS#12 encryption when creating files (FIPS)
    
    A PKCS#12 file is generated from a set of input files in various
    formats. This file is then used to provide the public and private
    keys and certificate chain fro importing into an NSS database.
    
    In order to work in FIPS mode stronger encryption is required.
    
    The default OpenSSL certificate algo is 40-bit RC2 which is not
    allowed in FIPS mode. The default private key algo is 3DES.
    Use AES-128 instead for both.
    
    Fixes: https://pagure.io/freeipa/issue/7948
    
    Signed-off-by: Rob Crittenden <rcritten@redhat.com>
    Reviewed-By: Christian Heimes <cheimes@redhat.com>
file modified
+2 -0
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.