[Openstack-security] [openstack/keystone] SecurityImpact review request change I9e42c9bafc307ba1334fa641bab76f251722044d
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Wed Dec 31 16:23:25 UTC 2014
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/117367
Log:
commit 7bb5b544fc6ab33d1ab4c1b140bccccf797c96d2
Author: Brant Knudson <bknudson at us.ibm.com>
Date: Wed Aug 27 17:11:06 2014 -0500
Change the default digest for pki/ssl_setup to sha256
The default digest was `default`, which meant that the digest was the
openssl default which may be sha1 or sha256 or better. Keystone will
now set the default digest to sha256, which conforms to most security
policies.
This is for security hardening.
SecurityImpact
DocImpact
The `default_message_digest` configuration options now default to
`sha256` instead of `default`.
Change-Id: I9e42c9bafc307ba1334fa641bab76f251722044d
Related-Bug: #1362343
More information about the Openstack-security
mailing list