3DES/TDEA/des3 shown in examples, although it has been deprecated in 2017
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Charms Deployment Guide |
Fix Released
|
Medium
|
Peter Matulis | ||
OpenStack Octavia Charm |
Fix Released
|
Medium
|
Peter Matulis |
Bug Description
This bug tracker is for errors with the documentation, use the following as a template and remove or add fields as you see fit. Convert [ ] into [x] to check boxes:
- [ ] This doc is inaccurate in this way: ______
- [ ] This is a doc addition request.
- [x] I have a fix to the document that I can paste below including example: input and output.
If you have a troubleshooting or support issue, use the following resources:
- The mailing list: https:/
- IRC: 'openstack' channel on OFTC
-------
Release: 0.0.1.dev415 on 2021-10-22 18:36:27
SHA: bdf8817a2e907b5
Source: https:/
URL: https:/
NIST deprecated triple DES in 2017[0], but example genrsa commands shown in this page suggest its use.
Though not a security issue per se (it's just a cli example), there is a high risk these commands will make their way into production systems via copy/paste.
I also noted that the openssl 1.1.1j man lists the genrsa subcommand as being deprecated in favor of genpkey.
The examples should therefore probably list something like the following instead:
openssl genpkey -algorithm RSA -out issuing_ca_key.pem -aes-256-ecb -pass pass:$PASSWORD
[0] https:/
Changed in charm-deployment-guide: | |
importance: | Undecided → Medium |
status: | New → In Progress |
assignee: | nobody → Peter Matulis (petermatulis) |
Changed in charm-octavia: | |
importance: | Undecided → Medium |
assignee: | nobody → Peter Matulis (petermatulis) |
Changed in charm-octavia: | |
status: | New → In Progress |
Changed in charm-deployment-guide: | |
status: | Fix Released → New |
Changed in charm-octavia: | |
status: | In Progress → Fix Committed |
Changed in charm-octavia: | |
milestone: | none → 22.04 |
Changed in charm-octavia: | |
status: | Fix Committed → Fix Released |
If that's the case, the charm README may need to be also updated: /github. com/openstack/ charm-octavia/ blob/49b7a2348f db4b4a2c57afce7 531a4780c63ccb9 /src/README. md
https:/