[Openstack-security] [Bug 1362343] Change abandoned on keystone (master)
OpenStack Infra
1362343 at bugs.launchpad.net
Mon Dec 15 21:57:12 UTC 2014
Change abandoned by Morgan Fainberg (morgan.fainberg at gmail.com) on branch: master
Review: https://review.openstack.org/117380
Reason: This change is being abandoned because it has a negative score and has not seen an update in > 60 days. Feel free to re-instate this patch (as the author) by using the "restore" button or any member of the core team can re-instate the patch.
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1362343
Title:
weak digest algorithm for PKI
Status in OpenStack Identity (Keystone):
In Progress
Status in Python client library for Keystone:
Fix Released
Bug description:
The digest algorithm for PKI tokens is the openssl default of sha1.
This is a weak algorithm and some security standards require a
stronger algorithm such as sha256. Keystone should make the token
digest hash algorithm configurable so that deployments can use a
stronger algorithm.
Also, the default could be stronger.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1362343/+subscriptions
More information about the Openstack-security
mailing list