[Openstack-security] [openstack/keystone] SecurityImpact review request change I241ca72329f1ec9df778498b346d7b29c224d528
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Wed Dec 31 16:23:19 UTC 2014
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/117366
Log:
commit 6929e3fe15f35376f32bc890661373b7a66685cd
Author: Brant Knudson <bknudson at us.ibm.com>
Date: Wed Aug 27 17:06:44 2014 -0500
pki/ssl_setup configurable digest
The digest to use for pki_setup couldn't be configured. The value was
`default`, which on some systems means that the digest was sha1. Some
security standards require the digest to be stronger (SHA2), so making
the digest configurable will allow deployments to be compliant.
SecurityImpact
DocImpact
New `message_digest_algorithm` configuration options are added to the
[signing] and [ssl] sections which default to `default`.
Change-Id: I241ca72329f1ec9df778498b346d7b29c224d528
Closes-Bug: #1362343
More information about the Openstack-security
mailing list