
mahara-contributors team mailing list archive

[Bug 1939963] Re: SAML plugin creates RSA 1024 key/certificate

 

** Changed in: mahara
   Importance: Undecided => Wishlist

** Changed in: mahara
       Status: New => Triaged

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: mahara-contributors
https://bugs.launchpad.net/bugs/1939963

Title:
  SAML plugin creates RSA 1024 key/certificate

Status in Mahara:
  Triaged

Bug description:
  The SAML plugin creates RSA keys with a length of 1024 bits which is
  considered insecure. Some services, such as the Swiss academic network
  SWITCH, maintaining a Shibboleth-based infrastructure, don't accept
  RSA 1024 keys anymore.

  Ideally, this should be configurable, but I would suggest raising the
  default to 2048 bits:

  auth/saml/lib.php, line 639

  Replace

  $privkey = openssl_pkey_new();

  with

  $privkey = openssl_pkey_new(['private_key_bits' => 2048]);

  Affected version: 21.04.01

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1939963/+subscriptions
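
An added example, not code from Mahara or from the bug report: one way to make the RSA key size configurable while enforcing a 2048-bit floor, and to read back the key size of an existing PEM certificate with PHP's OpenSSL functions. The function names, the MIN_RSA_BITS constant and the sp.example.org subject are assumptions made for illustration.

```php
<?php
// Hypothetical helper names; only the openssl_* calls are PHP's own API.
const MIN_RSA_BITS = 2048;

/** Generate an RSA private key, refusing any size below the floor. */
function new_rsa_key(int $bits = MIN_RSA_BITS) {
    if ($bits < MIN_RSA_BITS) {
        throw new InvalidArgumentException(
            "RSA key size $bits is below the minimum of " . MIN_RSA_BITS);
    }
    $key = openssl_pkey_new([
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
        'private_key_bits' => $bits,
    ]);
    if ($key === false) {
        throw new RuntimeException('openssl_pkey_new failed: ' . openssl_error_string());
    }
    return $key;
}

/** Return the RSA modulus size in bits of a PEM certificate or key, or null if it is not RSA. */
function rsa_bits_of(string $pem): ?int {
    $k = openssl_pkey_get_public($pem);      // accepts a PEM certificate or public key
    if ($k === false) {
        $k = openssl_pkey_get_private($pem); // fall back to an unencrypted private key
    }
    if ($k === false) {
        throw new RuntimeException('not a readable PEM key or certificate');
    }
    $details = openssl_pkey_get_details($k);
    return $details['type'] === OPENSSL_KEYTYPE_RSA ? $details['bits'] : null;
}

// Constructed sample: a throwaway self-signed certificate for a made-up SP name.
$key  = new_rsa_key();
$csr  = openssl_csr_new(['commonName' => 'sp.example.org'], $key, ['digest_alg' => 'sha256']);
$cert = openssl_csr_sign($csr, null, $key, 365, ['digest_alg' => 'sha256']);
openssl_x509_export($cert, $pem);

$bits = rsa_bits_of($pem);
printf("certificate key size: %d bits (%s)\n", $bits, $bits >= MIN_RSA_BITS ? 'ok' : 'too small');

// A request for the old 1024-bit size is rejected before any key is generated.
try {
    new_rsa_key(1024);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```

Calling rsa_bits_of() on a certificate exported from an existing installation shows whether its key predates a change of the default.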


