SAML plugin creates RSA 1024 key/certificate
Bug #1939963 reported by Lorenz Ulrich
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Mahara | Triaged | Wishlist | Unassigned |
Bug Description
The SAML plugin creates RSA keys with a length of 1024 bits, which is considered insecure. Some services, such as the Swiss academic network SWITCH, which maintains a Shibboleth-based infrastructure, don't accept RSA 1024 keys anymore.
Ideally, this should be configurable, but I would suggest raising the default to 2048 bits:
auth/saml/lib.php, line 639
Replace
$privkey = openssl_pkey_new();
with
$privkey = openssl_
Affected version: 21.04.01
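The change the report asks for, shown as an added example rather than the reporter's patch or Mahara's own code: generate the SAML key with a configurable RSA size (rejecting anything below 2048 bits), verify the size OpenSSL actually produced, and report the key size of an already-deployed certificate so weak 1024-bit installs can be found before a federation rejects them. The function names, the subject DN and the certificate lifetime are assumptions.

```php
<?php
// Added example, not Mahara's code. Generates the SP key pair and a
// self-signed certificate with a caller-chosen RSA size (default 2048).
function saml_create_keypair(int $bits = 2048): array {
    if ($bits < 2048) {
        throw new InvalidArgumentException("RSA key size $bits is below the 2048-bit minimum");
    }
    $config = [
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
        'private_key_bits' => $bits,   // this is the option the bare openssl_pkey_new() call leaves at its default
        'digest_alg'       => 'sha256',
    ];
    $privkey = openssl_pkey_new($config);
    if ($privkey === false) {
        throw new RuntimeException('openssl_pkey_new failed: ' . openssl_error_string());
    }
    // Do not trust the request: check the size OpenSSL actually generated.
    $details = openssl_pkey_get_details($privkey);
    if ($details === false || $details['bits'] !== $bits) {
        throw new RuntimeException('generated key does not have the requested size');
    }
    // Self-signed certificate for the SP metadata (subject and lifetime are placeholders).
    $dn   = ['commonName' => 'mahara.example.org'];
    $csr  = openssl_csr_new($dn, $privkey, $config);
    $cert = openssl_csr_sign($csr, null, $privkey, 365 * 5, $config);
    openssl_pkey_export($privkey, $privkey_pem);
    openssl_x509_export($cert, $cert_pem);
    return ['bits' => $details['bits'], 'key' => $privkey_pem, 'cert' => $cert_pem];
}

// Report the RSA size of an existing SP certificate (PEM) so an
// administrator can spot 1024-bit keys created by the old code.
function saml_cert_key_bits(string $cert_pem): int {
    $pub = openssl_pkey_get_public($cert_pem);
    if ($pub === false) {
        throw new RuntimeException('cannot read public key from certificate');
    }
    return openssl_pkey_get_details($pub)['bits'];
}

$pair = saml_create_keypair(2048);
echo "generated RSA-{$pair['bits']} key; certificate carries a "
   . saml_cert_key_bits($pair['cert']) . "-bit key\n";
```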
Changed in mahara:
importance: Undecided → Wishlist
status: New → Triaged