mahara-contributors team mailing list archive
Message #62908
[Bug 1939963] [NEW] SAML plugin creates RSA 1024 key/certificate
Public bug reported:
The SAML plugin creates RSA keys with a length of 1024 bits which is
considered insecure. Some services, such as the Swiss academic network
SWITCH, maintaining a Shibboleth-based infrastructure, don't accept RSA
1024 keys anymore.
Ideally, this should be configurable, but I would suggest raising the
default to 2048 bits:
auth/saml/lib.php, line 639
Replace
$privkey = openssl_pkey_new();
with
$privkey = openssl_pkey_new(['private_key_bits' => 2048]);
Affected version: 21.04.01
** Affects: mahara
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: mahara-contributors
https://bugs.launchpad.net/bugs/1939963
To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1939963/+subscriptions
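One way to apply and verify the change suggested in the report, as an added example that is not part of the original message or of Mahara's code: request the RSA size explicitly, read it back from the generated key, and check the key size inside an existing PEM certificate. The function names, MIN_RSA_BITS and the sp.example.org common name are assumptions made for illustration.

```php
<?php
// Added example, not Mahara code. MIN_RSA_BITS and both function names are hypothetical.
const MIN_RSA_BITS = 2048;

// Generate an RSA key with an explicit size and confirm what OpenSSL actually produced.
function new_rsa_key($bits = MIN_RSA_BITS)
{
    if ($bits < MIN_RSA_BITS) {
        throw new InvalidArgumentException('refusing RSA key below ' . MIN_RSA_BITS . ' bits');
    }
    $key = openssl_pkey_new([
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
        'private_key_bits' => $bits,
    ]);
    if ($key === false) {
        throw new RuntimeException('openssl_pkey_new failed: ' . openssl_error_string());
    }
    // Do not trust the request alone: read the size back from the generated key.
    $details = openssl_pkey_get_details($key);
    if ($details === false || $details['type'] !== OPENSSL_KEYTYPE_RSA || $details['bits'] < $bits) {
        throw new RuntimeException('generated key does not meet the requested size');
    }
    return $key;
}

// Return the RSA modulus size of the public key in a PEM certificate, or null if it is not RSA.
function cert_rsa_bits($certPem)
{
    $pub = openssl_pkey_get_public($certPem);
    if ($pub === false) {
        throw new RuntimeException('cannot read certificate: ' . openssl_error_string());
    }
    $details = openssl_pkey_get_details($pub);
    return ($details !== false && $details['type'] === OPENSSL_KEYTYPE_RSA) ? $details['bits'] : null;
}

// Constructed sample: a throwaway self-signed certificate standing in for a SAML SP certificate.
$key  = new_rsa_key();
$csr  = openssl_csr_new(['commonName' => 'sp.example.org'], $key, ['digest_alg' => 'sha256']);
$x509 = openssl_csr_sign($csr, null, $key, 365, ['digest_alg' => 'sha256']);
openssl_x509_export($x509, $pem);

$bits = cert_rsa_bits($pem);
echo "certificate key: " . var_export($bits, true) . " bits\n";
if ($bits === null || $bits < MIN_RSA_BITS) {
    fwrite(STDERR, 'not an RSA key of at least ' . MIN_RSA_BITS . " bits: regenerate the key pair\n");
    exit(1);
}
```

To audit a deployed certificate, pass its PEM text to `cert_rsa_bits()` instead of the constructed sample.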