Skip to content

Removing obsolete encryption arguments #907

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 18, 2023
Merged

Removing obsolete encryption arguments #907

merged 1 commit into from
Jul 18, 2023

Conversation

lidiazuin
Copy link
Contributor

No description provided.

@lidiazuin lidiazuin changed the title Removing obsolete algorithms Removing obsolete encryption arguments Jul 17, 2023
@neo-technology-commit-status-publisher
Copy link
Collaborator

Looks like you've updated the documentation!

Check out your changes at https://neo4j-docs-operations-907.surge.sh

irene221b
irene221b reviewed Jul 18, 2023
View reviewed changes
modules/ROOT/pages/security/ssl-framework.adoc
* `-v2 aes-128-cbc -v2prf hmacWithSHA256`
* `-v2 aes-128-cbc -v2prf hmacWithSHA384`
* `-v2 aes-128-cbc -v2prf hmacWithSHA512`
* `-v2 aes-256-cbc -v2prf hmacWithSHA1`
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think hmacWithSHA1 is still ok for some usecases. Maybe we can keep it with a caveat?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Like, use carefully, the secrecy of the key is paramount, be sure that your use case doesn't rely on collision resistance etc.

Or maybe we should just follow NIST advice and not mention it, you are right. :)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was thinking it would be better to just remove them at all and keep only the ones that are the safest. But in case there's any occasion where hmacWithSHA1 is mandatory or the most logical option, we can bring it back and leave a note? Also, is this valid for all versions of Neo4j?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, it is for all the versions. You are right, let's remove it and see if anyone asks for it!

@lidiazuin lidiazuin merged commit 4d00a32 into neo4j:dev Jul 18, 2023
@lidiazuin lidiazuin deleted the dev-sslframework branch July 18, 2023 09:08
lidiazuin added a commit to lidiazuin/docs-operations that referenced this pull request Jul 18, 2023
@lidiazuin
Removing obsolete encryption arguments (neo4j#907)
e005f5f
@lidiazuin lidiazuin mentioned this pull request Jul 18, 2023
Merged
lidiazuin added a commit that referenced this pull request Jul 18, 2023
@lidiazuin
Removing obsolete encryption arguments (#907) (#912)
e5bc25d 
Cherry-picked from #907
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@irene221b irene221b irene221b left review comments

Assignees
No one assigned
Labels
cherry-pick-this-backward dev
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@lidiazuin @neo-technology-commit-status-publisher @irene221b