[Openstack-security] [openstack/keystone] SecurityImpact review request change I241ca72329f1ec9df778498b346d7b29c224d528
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Wed Aug 27 22:46:59 UTC 2014
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/117366
Log:
commit 61cd815ce153be4515ec1e9edf19ae188b781f7a
Author: Brant Knudson <bknudson at us.ibm.com>
Date: Wed Aug 27 17:06:44 2014 -0500
pki/ssl_setup configurable digest
The digest to use for pki_setup couldn't be configured. The value was
`default`, which means that the digest was sha1. Some security
standards require the digest to be stronger (SHA2), so making the
digest configurable will allow deployments to be compliant.
SecurityImpact
DocImpact
New `message_digest_algorithm` configuration options are added to the
[signing] and [ssl] sections which default to `default`.
Change-Id: I241ca72329f1ec9df778498b346d7b29c224d528
Closes-Bug: #1362343
More information about the Openstack-security
mailing list