[Openstack-security] [openstack/keystone] SecurityImpact review request change I9e42c9bafc307ba1334fa641bab76f251722044d
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Wed Jan 7 13:47:40 UTC 2015
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/117367
Log:
commit c46ef753ea5255aa409c154b8abfc735323ce8a7
Author: Brant Knudson <bknudson at us.ibm.com>
Date: Wed Aug 27 17:11:06 2014 -0500
Change the default digest for pki/ssl_setup to sha256
The default digest was `default`, which meant that the digest was the
openssl default which may be sha1 or sha256 or better. Keystone will
now set the default digest to sha256, which conforms to most security
policies.
This is for security hardening.
SecurityImpact
DocImpact
The `default_message_digest` configuration options now default to
`sha256` instead of `default`.
Change-Id: I9e42c9bafc307ba1334fa641bab76f251722044d
Related-Bug: #1362343
More information about the Openstack-security
mailing list