[Openstack-security] [openstack/keystone] SecurityImpact review request change I241ca72329f1ec9df778498b346d7b29c224d528
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Wed Dec 31 15:58:55 UTC 2014
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/117366
Log:
commit ecdb135cbd0296ca21f5bdb1f8bd1f086696433d
Author: Brant Knudson <bknudson at us.ibm.com>
Date: Wed Aug 27 17:06:44 2014 -0500
pki/ssl_setup configurable digest
The digest to use for pki_setup couldn't be configured. The value was
`default`, which means that the digest was sha1. Some security
standards require the digest to be stronger (SHA2), so making the
digest configurable will allow deployments to be compliant.
SecurityImpact
DocImpact
New `message_digest_algorithm` configuration options are added to the
[signing] and [ssl] sections which default to `default`.
Change-Id: I241ca72329f1ec9df778498b346d7b29c224d528
Closes-Bug: #1362343
More information about the Openstack-security
mailing list