New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
security notice and clarifications #1591
Conversation
|
Codecov Report
@@ Coverage Diff @@
## master #1591 +/- ##
============================================
- Coverage 68.96% 68.95% -0.01%
+ Complexity 3997 3996 -1
============================================
Files 179 179
Lines 16622 16622
Branches 2707 2707
============================================
- Hits 11463 11462 -1
Misses 3905 3905
- Partials 1254 1255 +1 |
@magwas |
For some reasons I thought that I have already commented on this: |
Sadly the only version of java that supports AES is JDK12. I'll add that to the PR later this week |
There should be a way to support state of the art crypto (and it is a shame if the current LTS does not do it). What about integrating BouncyCastle? |
I'd prefer to avoid BC but this may be the only solution. I'll continue to look next week. |
If BC can fix this I'd be more than happy to add it to the dependencies. |
on choosing the right cipher suite for client key
I should not recommend to use simple DES without any warnings: I'm supposed to be a security professional after all.
As neither me, and presumably nor others in the project really have more time to research the problem and test solutions, I think this warning is the minimum to sleep well.
All Submissions: