2015-11-16 16:50:30 |
Anna Sortland |
description |
nova/crypto.py:generate_winrm_x509_cert() generates certs with default SHA-1 digest.
The call to 'openssl req' does not specify -digest option nor certificate config file sets digest, so certificates are generated with SHA-1 digest. SHA-1 is not considered to be a secure algorithm.
It would be preferable to:
1) let user specify digest algorithm via a config option
2) default to SHA-256 |
nova/crypto.py:generate_winrm_x509_cert() generates certs with default SHA-1 digest.
The call to 'openssl req' does not specify -digest option nor certificate config file sets digest, so certificates are generated with SHA-1 digest. SHA-1 is not considered to be a secure algorithm for certificates' digest.
It would be preferable to:
1) let user specify digest algorithm via a config option
2) default to SHA-256 |
|