[DocDB] Unit test key/certificate pairs should use 2048+ bits for RSA private keys #20370

Closed
1 task done
es1024 opened this issue Dec 21, 2023 · 0 comments
Labels
area/docdb YugabyteDB core features kind/enhancement This is an enhancement of an existing feature priority/medium Medium priority issue

es1024 commented Dec 21, 2023

Jira Link: DB-9363

Description

We currently use 1024-bit RSA private keys for key/certificate pairs for unit tests, but FIPS 140-2 requires a minimum of 2048 bits for RSA keys, resulting in TLS unit tests being unable to run when the OpenSSL FIPS provider is used. These keys should be changed to be 2048 bits.

Issue Type

kind/enhancement

Warning: Please confirm that this issue does not contain any sensitive information

  • I confirm this issue does not contain any sensitive information.
es1024 added the area/docdb (YugabyteDB core features) and status/awaiting-triage (Issue awaiting triage) labels Dec 21, 2023
es1024 self-assigned this Dec 21, 2023
yugabyte-ci added the kind/enhancement (This is an enhancement of an existing feature) and priority/medium (Medium priority issue) labels and removed the status/awaiting-triage (Issue awaiting triage) label Dec 21, 2023
es1024 added a commit that referenced this issue Jan 19, 2024
…airs

Summary:
Unit tests currently use 1024-bit RSA keys, but FIPS 140-2 requires 2048-bit or higher keys for RSA, so the existing keys/certificates are unusable when the OpenSSL FIPS provider is used. This diff updates the keys to be 2048-bit.

This diff also moves generation of keys and certificates for unit tests from being an ad hoc process to being part of the build.
Jira: DB-9363

Test Plan: Jenkins

Reviewers: mbautin

Reviewed By: mbautin

Subscribers: rthallam, ybase

Differential Revision: https://phorge.dev.yugabyte.com/D31282
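
A check for the condition this issue describes, as an added example that is not code from the YugabyteDB repository or the referenced commit: it reads the modulus size out of unencrypted PEM RSA private keys (PKCS#1 or PKCS#8) using only the Python standard library and reports any key below 2048 bits. The function names and the file names old.key and new.key are hypothetical, and the sample keys are constructed DER with the right modulus length, not usable key material.

```python
import base64
import re

MIN_RSA_BITS = 2048  # minimum RSA key size the issue cites for FIPS 140-2
PEM_KEY = re.compile(
    r"-----BEGIN (?:RSA )?PRIVATE KEY-----(.*?)-----END (?:RSA )?PRIVATE KEY-----", re.S)

def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def rsa_modulus_bits(der):
    """Modulus size of a PKCS#1 RSAPrivateKey, or of one wrapped in PKCS#8."""
    _, pos, _ = read_tlv(der, 0)           # outer SEQUENCE
    _, _, pos = read_tlv(der, pos)         # version INTEGER
    tag, start, end = read_tlv(der, pos)
    if tag == 0x30:                        # PKCS#8: skip AlgorithmIdentifier, open OCTET STRING
        _, start, end = read_tlv(der, end)
        return rsa_modulus_bits(der[start:end])
    if tag != 0x02:
        raise ValueError("not an RSA private key")
    return int.from_bytes(der[start:end], "big").bit_length()

def undersized_keys(pem_by_name, minimum=MIN_RSA_BITS):
    """Return {name: smallest key size} for each PEM text holding a key below the minimum."""
    sizes = {name: [rsa_modulus_bits(base64.b64decode(b)) for b in PEM_KEY.findall(text)]
             for name, text in pem_by_name.items()}
    return {name: min(bits) for name, bits in sizes.items() if bits and min(bits) < minimum}

def der_tlv(tag, body):  # DER encoder, used only to build the constructed samples
    n, k = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + head + body

def constructed_pem(bits):
    """Constructed sample: PKCS#1-shaped DER with a `bits`-bit modulus, not a usable key."""
    ints = [0, (1 << (bits - 1)) | 1, 65537]  # version, modulus, public exponent
    body = b"".join(der_tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in ints)
    b64 = base64.encodebytes(der_tlv(0x30, body)).decode()
    return f"-----BEGIN RSA PRIVATE KEY-----\n{b64}-----END RSA PRIVATE KEY-----\n"

if __name__ == "__main__":
    # Hypothetical file names; real use would read the PEM files from the test-data directory.
    print(undersized_keys({"old.key": constructed_pem(1024), "new.key": constructed_pem(2048)}))
```

Run as part of the build or CI, a check like this fails early on a 1024-bit test key instead of surfacing later as a TLS test failure under the FIPS provider.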