mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 23:50:03 -06:00
Use RSA-OAEP instead of RSA PKCS#1 v1.5
jwcrypto's RSA1-5 (PKCS#1 v1.5) is vulnerable to padding oracle side-channel attacks. OAEP (PKCS#1 v2.0) is a safe, more modern alternative. https://fedorahosted.org/freeipa/ticket/6278 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
This commit is contained in:
parent
a3d178b86d
commit
4ae4d0d690
@ -86,7 +86,7 @@ class CustodiaClient(object):
|
||||
url = 'https://%s/ipa/keys/%s' % (self.server, keyname)
|
||||
|
||||
# Prepare signed/encrypted request
|
||||
encalg = ('RSA1_5', 'A256CBC-HS512')
|
||||
encalg = ('RSA-OAEP', 'A256CBC-HS512')
|
||||
request = self.kemcli.make_request(keyname, encalg=encalg)
|
||||
|
||||
# Prepare Authentication header
|
||||
|
Loading…
Reference in New Issue
Block a user