[Openstack-security] [Bug 1516703] Re: crypto.py generates certs with SHA-1 digest
Sean Dague
sean at dague.net
Wed Jun 28 16:13:22 UTC 2017
** Changed in: nova
Status: New => Confirmed
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1516703
Title:
crypto.py generates certs with SHA-1 digest
Status in OpenStack Compute (nova):
Confirmed
Bug description:
nova/crypto.py:generate_winrm_x509_cert() generates certs with default
SHA-1 digest.
The call to 'openssl req' does not specify -digest option nor
certificate config file sets digest, so certificates are generated
with SHA-1 digest. SHA-1 is not considered to be a secure algorithm
for certificates' digest.
It would be preferable to:
1) let user specify digest algorithm via a config option
2) default to SHA-256
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1516703/+subscriptions
More information about the Openstack-security
mailing list