Use AES-128-CBC for PKCS#12 encryption when creating files (FIPS) #3145

Closed

rcritten
Contributor

A PKCS#12 file is generated from a set of input files in various
formats. This file is then used to provide the public and private
keys and certificate chain for importing into an NSS database.

In order to work in FIPS mode stronger encryption is required.

The default OpenSSL certificate algo is 40-bit RC2 which is not
allowed in FIPS mode. The default private key algo is 3DES.
Use AES-128 instead for both.

Fixes: https://pagure.io/freeipa/issue/7948

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
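
The following shell sketch is an added example, not part of this pull request or of FreeIPA's code. It exports a PKCS#12 file with AES-128-CBC for both the certificate bag and the key bag using OpenSSL's `-certpbe` and `-keypbe` options, then audits the `openssl pkcs12 -info` report to confirm that no bag fell back to RC2 or 3DES. The CN, password, file names and function names are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example. CN, password and file names are constructed placeholders.
P12_PASS=demo-password

# make_p12 OUT DIR: throwaway key and self-signed cert, exported with AES-128-CBC
# for both the certificate bag (-certpbe) and the private key bag (-keypbe).
make_p12() {
    local out=$1 dir=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=p12-demo.example.test" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null || return 1
    openssl pkcs12 -export -in "$dir/cert.pem" -inkey "$dir/key.pem" \
        -certpbe AES-128-CBC -keypbe AES-128-CBC \
        -passout "pass:$P12_PASS" -out "$out"
}

# p12_info FILE: list bag types and PBE parameters without printing keys or certs.
# OpenSSL writes this report to stderr, hence 2>&1.
p12_info() {
    openssl pkcs12 -in "$1" -info -noout -passin "pass:$P12_PASS" 2>&1
}

# bags_all_aes128: read p12_info output on stdin; succeed only if an encrypted
# certificate bag and a shrouded key bag are both present and both use AES-128-CBC.
bags_all_aes128() {
    local bags
    bags=$(grep -E '^(PKCS7 Encrypted data|Shrouded Keybag):') || return 1
    printf '%s\n' "$bags" | grep -q '^PKCS7 Encrypted data:' || return 1
    printf '%s\n' "$bags" | grep -q '^Shrouded Keybag:' || return 1
    ! printf '%s\n' "$bags" | grep -qv 'AES-128-CBC'
}

# demo: build a file in a temp dir, audit it, clean up; returns the audit status.
demo() {
    local dir rc
    dir=$(mktemp -d) || return 1
    make_p12 "$dir/demo.p12" "$dir" && p12_info "$dir/demo.p12" | bags_all_aes128
    rc=$?
    rm -rf "$dir"
    return $rc
}

if command -v openssl >/dev/null 2>&1; then
    demo && echo "both bags use AES-128-CBC" || echo "audit failed"
fi
```

Piping `p12_info` for an existing file into `bags_all_aes128` gives the same check for files produced by other tools.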

@rcritten rcritten added the ipa-next Mark as master (4.12) only label May 14, 2019
@tiran tiran added the ack Pull Request approved, can be merged label May 14, 2019
@tiran tiran self-requested a review May 14, 2019 15:13
@tiran tiran self-assigned this May 14, 2019
@tiran tiran added prioritized Pull Request has higher priority for PR-CI re-run Trigger a new run of PR-CI labels May 14, 2019
@freeipa-pr-ci freeipa-pr-ci removed the re-run Trigger a new run of PR-CI label May 14, 2019
@rcritten
Contributor Author

master:

  • ecc08e3 Use AES-128-CBC for PKCS#12 encryption when creating files (FIPS)

@rcritten rcritten added the pushed Pull Request has already been pushed label May 14, 2019
@rcritten rcritten closed this May 14, 2019