Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

export-p12, OpenSSL v1.x: Upgrade PBE and MAC options #1083

Closed

Conversation

TinCanTech
Copy link
Collaborator

OpenSSL v1.x defaults for 'pkcs12' files uses 'legacy' cryptography:

  • PBE uses RC2_CBC or 3DES_CBC
  • MAC uses SHA1

OpenSSL v1.x settings are no longer considered to be secure.

OpenSSL v3.x defaults for 'pkcs12' files are:

  • PBE uses AES-256-CBC
  • MAC uses SHA256

EasyRSA will now use OpenSSL v3.x cryptography for command 'export-p12' when using OpenSSL v1.x

Use of EasyRSA command option 'legacy' will revert to the old behavior.

OpenSSL v1.x defaults for 'pkcs12' files uses 'legacy' cryptography:
- PBE uses RC2_CBC or 3DES_CBC
- MAC uses SHA1

OpenSSL v1.x settings are no longer considered to be secure.

OpenSSL v3.x defaults for 'pkcs12' files are:
- PBE uses AES-256-CBC
- MAC uses SHA256

EasyRSA will now use OpenSSL v3.x cryptography for command 'export-p12'
when using OpenSSL v1.x

Use of EasyRSA command option 'legacy' will revert to the old behavior.

Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech
Copy link
Collaborator Author

Based-on: #1081

@TinCanTech
Copy link
Collaborator Author

Superseded-by: #1084

@TinCanTech TinCanTech closed this Mar 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant