[Openstack-security] [Bug 1362343] Change abandoned on keystone (master)

OpenStack Infra 1362343 at bugs.launchpad.net
Fri Feb 13 16:10:34 UTC 2015


Change abandoned by Brant Knudson (bknudson at us.ibm.com) on branch: master
Review: https://review.openstack.org/117366
Reason: Makes sense to tell people to use their own certs instead.

-- 
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1362343

Title:
  weak digest algorithm for PKI

Status in OpenStack Identity (Keystone):
  In Progress
Status in Python client library for Keystone:
  Fix Released

Bug description:
  The digest algorithm for PKI tokens is the openssl default of sha1.
  This is a weak algorithm and some security standards require a
  stronger algorithm such as sha256. Keystone should make the token
  digest hash algorithm configurable so that deployments can use a
  stronger algorithm.

  Also, the default could be stronger.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1362343/+subscriptions




More information about the Openstack-security mailing list