yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #41243
[Bug 1516703] [NEW] crypto.py generates certs with SHA-1 digest
Public bug reported:
nova/crypto.py:generate_winrm_x509_cert() generates certs with default
SHA-1 digest.
The call to 'openssl req' does not specify -digest option nor
certificate config file sets digest, so certificates are generated with
SHA-1 digest. SHA-1 is not considered to be a secure algorithm for
certificates' digest.
It would be preferable to:
1) let user specify digest algorithm via a config option
2) default to SHA-256
** Affects: nova
Importance: Undecided
Status: New
** Description changed:
nova/crypto.py:generate_winrm_x509_cert() generates certs with default
SHA-1 digest.
The call to 'openssl req' does not specify -digest option nor
certificate config file sets digest, so certificates are generated with
- SHA-1 digest. SHA-1 is not considered to be a secure algorithm.
+ SHA-1 digest. SHA-1 is not considered to be a secure algorithm for
+ certificates' digest.
It would be preferable to:
1) let user specify digest algorithm via a config option
2) default to SHA-256
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1516703
Title:
crypto.py generates certs with SHA-1 digest
Status in OpenStack Compute (nova):
New
Bug description:
nova/crypto.py:generate_winrm_x509_cert() generates certs with default
SHA-1 digest.
The call to 'openssl req' does not specify -digest option nor
certificate config file sets digest, so certificates are generated
with SHA-1 digest. SHA-1 is not considered to be a secure algorithm
for certificates' digest.
It would be preferable to:
1) let user specify digest algorithm via a config option
2) default to SHA-256
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1516703/+subscriptions
