Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork32.2k
test: use 2048 bit RSA keys#44498
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Closed
Closed
Uh oh!
There was an error while loading.Please reload this page.
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
lpinca approved these changesSep 3, 2022
Member
lpinca commentedSep 3, 2022 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
Are you planning to update certs and keys in a follow-up PR? |
@lpinca Just realized that these were comitted too, done |
ccdd394 to814ebc5Compare@lpinca This turned to be much more laborious that I previously thought so I scaled it back to simply replacing all 1024 bit keys with 2048 bit keys, I am leaving the 2048->4096 transition to the next unlucky soul because there is a list of hard-coded test vectors produced with another crypto system meant for testing compatibility. There is also the DH512 keys which have been blocked (?) because of the logjam attack, I will do them separately |
24 tasks
17 tasks
ContributorAuthor
mmomtchev commentedSep 5, 2022 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
|
This was referencedSep 6, 2022
This was referencedSep 8, 2022
codebytere added a commit to electron/electron that referenced this pull requestNov 14, 2023
codebytere added a commit to electron/electron that referenced this pull requestNov 15, 2023
codebytere added a commit to electron/electron that referenced this pull requestNov 16, 2023
codebytere added a commit to electron/electron that referenced this pull requestNov 21, 2023
codebytere added a commit to electron/electron that referenced this pull requestNov 22, 2023
codebytere added a commit to electron/electron that referenced this pull requestNov 28, 2023
codebytere added a commit to electron/electron that referenced this pull requestNov 29, 2023
jkleinsc pushed a commit to electron/electron that referenced this pull requestNov 30, 2023
* chore: upgrade to Node.js v20* src: allow embedders to override NODE_MODULE_VERSIONnodejs/node#49279* src: fix missing trailing ,nodejs/node#46909* src,tools: initialize cppgcnodejs/node#45704* tools: allow passing absolute path of config.gypi in js2cnodejs/node#49162* tools: port js2c.py to C++nodejs/node#46997* doc,lib: disambiguate the old term, NativeModulenodejs/node#45673* chore: fixup Node.js BSSL tests*nodejs/node#49492*nodejs/node#44498* deps: upgrade to libuv 1.45.0nodejs/node#48078* deps: update V8 to 10.7nodejs/node#44741* test: use gcUntil() in test-v8-serialize-leaknodejs/node#49168* module: make CJS load from ESM loadernodejs/node#47999* src: make BuiltinLoader threadsafe and non-globalnodejs/node#45942* chore: address changes to CJS/ESM loading* module: make CJS load from ESM loader (nodejs/node#47999)* lib: improve esm resolve performance (nodejs/node#46652)* bootstrap: optimize modules loaded in the built-in snapshotnodejs/node#45849* test: mark test-runner-output as flakynodejs/node#49854* lib: lazy-load deps in modules/run_main.jsnodejs/node#45849* url: use private properties for brand checknodejs/node#46904* test: refactor `test-node-output-errors`nodejs/node#48992* assert: deprecate callTrackernodejs/node#47740* src: cast v8::Object::GetInternalField() return value to v8::Valuenodejs/node#48943* test: adapt test-v8-stats for V8 updatenodejs/node#45230* tls: ensure TLS Sockets are closed if the underlying wrapclosesnodejs/node#49327* test: deflake test-tls-socket-closenodejs/node#49575* net: fix crash due to simultaneous close/shutdown on JS Stream Socketsnodejs/node#49400* net: use asserts in JS Socket Stream to catch races in futurenodejs/node#49400* lib: fix BroadcastChannel initialization locationnodejs/node#46864* src: create BaseObject with node::Realmnodejs/node#44348* src: implement DataQueue and non-memory resident Blobnodejs/node#45258* sea: add support for V8 bytecode-only cachingnodejs/node#48191* chore: fixup patch indices* gyp: put filenames in variablesnodejs/node#46965* build: modify js2c.py into GN executable* fix: (WIP) handle string replacement of fs -> original-fs* [v20.x] backport vm-related memoryfixesnodejs/node#49874* src: make BuiltinLoader threadsafe and non-globalnodejs/node#45942* src: avoid copying string in fs_permissionnodejs/node#47746* look upon my works ye mightyand dispair* chore: patch cleanup* [api] Remove AllCan Read/Writehttps://chromium-review.googlesource.com/c/v8/v8/+/5006387* fix: missing include for NODE_EXTERN* chore: fixup patch indices* fix: fail properly when js2c fails in Node.js* build: fix js2c root_gen_dir* fix: lib/fs.js -> lib/original-fs.js* build: fix original-fs file xforms* fixup! module: make CJS load from ESM loader* build: get rid of CppHeap for now* build: add patch to prevent extra fs lookup on esm load* build: greatly simplify js2c modificationsMoves our original-fs modifications back into a super simple python script action, wires up the output of that action into our call to js2c* chore: update to handle moved internal/modules/helpers file* test: update @types/node test* feat: enable preventing cppgc heap creation* feat: optionally prevent calling V8::EnableWebAssemblyTrapHandler* fix: no cppgc initialization in the renderer* gyp: put filenames in variablesnodejs/node#46965* test: disable single executable tests* fix: nan tests failing on node headers missing file* tls,http2: send fatal alert on ALPN mismatchnodejs/node#44031* test: disable snapshot tests*nodejs/node#47887*nodejs/node#49684*nodejs/node#44193* build: use deps/v8 for v8/toolsNode.js hard depends on these in their builtins* test: fix edge snapshot stack tracesnodejs/node#49659* build: remove js2c //base dep* build: use electron_js2c_toolchain to build node_js2c* fix: don't create SafeSet outside packageResolveFixes failure in parallel/test-require-delete-array-iterator:=== release test-require-delete-array-iterator ===Path: parallel/test-require-delete-array-iteratornode:internal/per_context/primordials:426 constructor(i) { super(i); } // eslint-disable-line no-useless-constructor ^TypeError: object is not iterable (cannot read property Symbol(Symbol.iterator)) at new Set (<anonymous>) at new SafeSet (node:internal/per_context/primordials:426:22)* fix: failing crashReporter tests on LinuxThese were failing because our change from node::InitializeNodeWithArgs tonode::InitializeOncePerProcess meant that we now inadvertently calledPlatformInit, which reset signal handling. This meant that our intentionalcrash function ElectronBindings::Crash no longer worked and the renderer processno longer crashed when process.crash() was called. We don't want to use Node.js'default signal handling in the renderer process, so we disable it by passingkNoDefaultSignalHandling to node::InitializeOncePerProcess.* build: only create cppgc heap on non-32 bit platforms* chore: clean up util:CompileAndCall* src: fix compatility with upcoming V8 12.1 APIsnodejs/node#50709* fix: use thread_local BuiltinLoader* chore: fixup v8 patch indices---------Co-authored-by: Keeley Hammond <vertedinde@electronjs.org>Co-authored-by: Samuel Attard <marshallofsound@electronjs.org>
MrHuangJser pushed a commit to MrHuangJser/electron that referenced this pull requestDec 11, 2023
* chore: upgrade to Node.js v20* src: allow embedders to override NODE_MODULE_VERSIONnodejs/node#49279* src: fix missing trailing ,nodejs/node#46909* src,tools: initialize cppgcnodejs/node#45704* tools: allow passing absolute path of config.gypi in js2cnodejs/node#49162* tools: port js2c.py to C++nodejs/node#46997* doc,lib: disambiguate the old term, NativeModulenodejs/node#45673* chore: fixup Node.js BSSL tests*nodejs/node#49492*nodejs/node#44498* deps: upgrade to libuv 1.45.0nodejs/node#48078* deps: update V8 to 10.7nodejs/node#44741* test: use gcUntil() in test-v8-serialize-leaknodejs/node#49168* module: make CJS load from ESM loadernodejs/node#47999* src: make BuiltinLoader threadsafe and non-globalnodejs/node#45942* chore: address changes to CJS/ESM loading* module: make CJS load from ESM loader (nodejs/node#47999)* lib: improve esm resolve performance (nodejs/node#46652)* bootstrap: optimize modules loaded in the built-in snapshotnodejs/node#45849* test: mark test-runner-output as flakynodejs/node#49854* lib: lazy-load deps in modules/run_main.jsnodejs/node#45849* url: use private properties for brand checknodejs/node#46904* test: refactor `test-node-output-errors`nodejs/node#48992* assert: deprecate callTrackernodejs/node#47740* src: cast v8::Object::GetInternalField() return value to v8::Valuenodejs/node#48943* test: adapt test-v8-stats for V8 updatenodejs/node#45230* tls: ensure TLS Sockets are closed if the underlying wrapclosesnodejs/node#49327* test: deflake test-tls-socket-closenodejs/node#49575* net: fix crash due to simultaneous close/shutdown on JS Stream Socketsnodejs/node#49400* net: use asserts in JS Socket Stream to catch races in futurenodejs/node#49400* lib: fix BroadcastChannel initialization locationnodejs/node#46864* src: create BaseObject with node::Realmnodejs/node#44348* src: implement DataQueue and non-memory resident Blobnodejs/node#45258* sea: add support for V8 bytecode-only cachingnodejs/node#48191* chore: fixup patch indices* gyp: put filenames in variablesnodejs/node#46965* build: modify js2c.py into GN executable* fix: (WIP) handle string replacement of fs -> original-fs* [v20.x] backport vm-related memoryfixesnodejs/node#49874* src: make BuiltinLoader threadsafe and non-globalnodejs/node#45942* src: avoid copying string in fs_permissionnodejs/node#47746* look upon my works ye mightyand dispair* chore: patch cleanup* [api] Remove AllCan Read/Writehttps://chromium-review.googlesource.com/c/v8/v8/+/5006387* fix: missing include for NODE_EXTERN* chore: fixup patch indices* fix: fail properly when js2c fails in Node.js* build: fix js2c root_gen_dir* fix: lib/fs.js -> lib/original-fs.js* build: fix original-fs file xforms* fixup! module: make CJS load from ESM loader* build: get rid of CppHeap for now* build: add patch to prevent extra fs lookup on esm load* build: greatly simplify js2c modificationsMoves our original-fs modifications back into a super simple python script action, wires up the output of that action into our call to js2c* chore: update to handle moved internal/modules/helpers file* test: update @types/node test* feat: enable preventing cppgc heap creation* feat: optionally prevent calling V8::EnableWebAssemblyTrapHandler* fix: no cppgc initialization in the renderer* gyp: put filenames in variablesnodejs/node#46965* test: disable single executable tests* fix: nan tests failing on node headers missing file* tls,http2: send fatal alert on ALPN mismatchnodejs/node#44031* test: disable snapshot tests*nodejs/node#47887*nodejs/node#49684*nodejs/node#44193* build: use deps/v8 for v8/toolsNode.js hard depends on these in their builtins* test: fix edge snapshot stack tracesnodejs/node#49659* build: remove js2c //base dep* build: use electron_js2c_toolchain to build node_js2c* fix: don't create SafeSet outside packageResolveFixes failure in parallel/test-require-delete-array-iterator:=== release test-require-delete-array-iterator ===Path: parallel/test-require-delete-array-iteratornode:internal/per_context/primordials:426 constructor(i) { super(i); } // eslint-disable-line no-useless-constructor ^TypeError: object is not iterable (cannot read property Symbol(Symbol.iterator)) at new Set (<anonymous>) at new SafeSet (node:internal/per_context/primordials:426:22)* fix: failing crashReporter tests on LinuxThese were failing because our change from node::InitializeNodeWithArgs tonode::InitializeOncePerProcess meant that we now inadvertently calledPlatformInit, which reset signal handling. This meant that our intentionalcrash function ElectronBindings::Crash no longer worked and the renderer processno longer crashed when process.crash() was called. We don't want to use Node.js'default signal handling in the renderer process, so we disable it by passingkNoDefaultSignalHandling to node::InitializeOncePerProcess.* build: only create cppgc heap on non-32 bit platforms* chore: clean up util:CompileAndCall* src: fix compatility with upcoming V8 12.1 APIsnodejs/node#50709* fix: use thread_local BuiltinLoader* chore: fixup v8 patch indices---------Co-authored-by: Keeley Hammond <vertedinde@electronjs.org>Co-authored-by: Samuel Attard <marshallofsound@electronjs.org>
mhdawson added a commit to mhdawson/io.js that referenced this pull requestAug 27, 2024
Refs:nodejs#44498Refs:nodejs#53382Key sizes were increased to 2048 in PR 44498 includingthe configuration file for the generation of ca2-cert.pem.However, it seems like updating ca2-cert.pem and related filesthemselves were missed as they were not updated in the PR andthe ca2-cert.pem reported as being associated with a 1024 bit key.I believe that was the cause of some of the failures mentioned innodejs#53382 as OpenSSL 3.2increased the default security level from 1 to 2 and thatwould mean that certificates associated with keys of 1024 bitswould no longer be accepted.This PR updates the key size for ca2-cert.pem. It was notnecessary to change the config, only run the generation forthe ca2-cert.pem and related files.Signed-off-by: Michael Dawson <midawson@redhat.com>
nodejs-github-bot pushed a commit that referenced this pull requestAug 29, 2024
Refs:#44498Refs:#53382Key sizes were increased to 2048 in PR 44498 includingthe configuration file for the generation of ca2-cert.pem.However, it seems like updating ca2-cert.pem and related filesthemselves were missed as they were not updated in the PR andthe ca2-cert.pem reported as being associated with a 1024 bit key.I believe that was the cause of some of the failures mentioned in#53382 as OpenSSL 3.2increased the default security level from 1 to 2 and thatwould mean that certificates associated with keys of 1024 bitswould no longer be accepted.This PR updates the key size for ca2-cert.pem. It was notnecessary to change the config, only run the generation forthe ca2-cert.pem and related files.Signed-off-by: Michael Dawson <midawson@redhat.com>PR-URL:#54599Reviewed-By: Luigi Pinca <luigipinca@gmail.com>Reviewed-By: Richard Lau <rlau@redhat.com>Reviewed-By: James M Snell <jasnell@gmail.com>
RafaelGSS pushed a commit that referenced this pull requestAug 30, 2024
Refs:#44498Refs:#53382Key sizes were increased to 2048 in PR 44498 includingthe configuration file for the generation of ca2-cert.pem.However, it seems like updating ca2-cert.pem and related filesthemselves were missed as they were not updated in the PR andthe ca2-cert.pem reported as being associated with a 1024 bit key.I believe that was the cause of some of the failures mentioned in#53382 as OpenSSL 3.2increased the default security level from 1 to 2 and thatwould mean that certificates associated with keys of 1024 bitswould no longer be accepted.This PR updates the key size for ca2-cert.pem. It was notnecessary to change the config, only run the generation forthe ca2-cert.pem and related files.Signed-off-by: Michael Dawson <midawson@redhat.com>PR-URL:#54599Reviewed-By: Luigi Pinca <luigipinca@gmail.com>Reviewed-By: Richard Lau <rlau@redhat.com>Reviewed-By: James M Snell <jasnell@gmail.com>
RafaelGSS pushed a commit that referenced this pull requestAug 30, 2024
Refs:#44498Refs:#53382Key sizes were increased to 2048 in PR 44498 includingthe configuration file for the generation of ca2-cert.pem.However, it seems like updating ca2-cert.pem and related filesthemselves were missed as they were not updated in the PR andthe ca2-cert.pem reported as being associated with a 1024 bit key.I believe that was the cause of some of the failures mentioned in#53382 as OpenSSL 3.2increased the default security level from 1 to 2 and thatwould mean that certificates associated with keys of 1024 bitswould no longer be accepted.This PR updates the key size for ca2-cert.pem. It was notnecessary to change the config, only run the generation forthe ca2-cert.pem and related files.Signed-off-by: Michael Dawson <midawson@redhat.com>PR-URL:#54599Reviewed-By: Luigi Pinca <luigipinca@gmail.com>Reviewed-By: Richard Lau <rlau@redhat.com>Reviewed-By: James M Snell <jasnell@gmail.com>
RafaelGSS pushed a commit that referenced this pull requestAug 30, 2024
Refs:#44498Refs:#53382Key sizes were increased to 2048 in PR 44498 includingthe configuration file for the generation of ca2-cert.pem.However, it seems like updating ca2-cert.pem and related filesthemselves were missed as they were not updated in the PR andthe ca2-cert.pem reported as being associated with a 1024 bit key.I believe that was the cause of some of the failures mentioned in#53382 as OpenSSL 3.2increased the default security level from 1 to 2 and thatwould mean that certificates associated with keys of 1024 bitswould no longer be accepted.This PR updates the key size for ca2-cert.pem. It was notnecessary to change the config, only run the generation forthe ca2-cert.pem and related files.Signed-off-by: Michael Dawson <midawson@redhat.com>PR-URL:#54599Reviewed-By: Luigi Pinca <luigipinca@gmail.com>Reviewed-By: Richard Lau <rlau@redhat.com>Reviewed-By: James M Snell <jasnell@gmail.com>
sendoru pushed a commit to sendoru/node that referenced this pull requestSep 1, 2024
Refs:nodejs#44498Refs:nodejs#53382Key sizes were increased to 2048 in PR 44498 includingthe configuration file for the generation of ca2-cert.pem.However, it seems like updating ca2-cert.pem and related filesthemselves were missed as they were not updated in the PR andthe ca2-cert.pem reported as being associated with a 1024 bit key.I believe that was the cause of some of the failures mentioned innodejs#53382 as OpenSSL 3.2increased the default security level from 1 to 2 and thatwould mean that certificates associated with keys of 1024 bitswould no longer be accepted.This PR updates the key size for ca2-cert.pem. It was notnecessary to change the config, only run the generation forthe ca2-cert.pem and related files.Signed-off-by: Michael Dawson <midawson@redhat.com>PR-URL:nodejs#54599Reviewed-By: Luigi Pinca <luigipinca@gmail.com>Reviewed-By: Richard Lau <rlau@redhat.com>Reviewed-By: James M Snell <jasnell@gmail.com>
RafaelGSS pushed a commit that referenced this pull requestSep 1, 2024
Refs:#44498Refs:#53382Key sizes were increased to 2048 in PR 44498 includingthe configuration file for the generation of ca2-cert.pem.However, it seems like updating ca2-cert.pem and related filesthemselves were missed as they were not updated in the PR andthe ca2-cert.pem reported as being associated with a 1024 bit key.I believe that was the cause of some of the failures mentioned in#53382 as OpenSSL 3.2increased the default security level from 1 to 2 and thatwould mean that certificates associated with keys of 1024 bitswould no longer be accepted.This PR updates the key size for ca2-cert.pem. It was notnecessary to change the config, only run the generation forthe ca2-cert.pem and related files.Signed-off-by: Michael Dawson <midawson@redhat.com>PR-URL:#54599Reviewed-By: Luigi Pinca <luigipinca@gmail.com>Reviewed-By: Richard Lau <rlau@redhat.com>Reviewed-By: James M Snell <jasnell@gmail.com>
targos pushed a commit that referenced this pull requestSep 22, 2024
Refs:#44498Refs:#53382Key sizes were increased to 2048 in PR 44498 includingthe configuration file for the generation of ca2-cert.pem.However, it seems like updating ca2-cert.pem and related filesthemselves were missed as they were not updated in the PR andthe ca2-cert.pem reported as being associated with a 1024 bit key.I believe that was the cause of some of the failures mentioned in#53382 as OpenSSL 3.2increased the default security level from 1 to 2 and thatwould mean that certificates associated with keys of 1024 bitswould no longer be accepted.This PR updates the key size for ca2-cert.pem. It was notnecessary to change the config, only run the generation forthe ca2-cert.pem and related files.Signed-off-by: Michael Dawson <midawson@redhat.com>PR-URL:#54599Reviewed-By: Luigi Pinca <luigipinca@gmail.com>Reviewed-By: Richard Lau <rlau@redhat.com>Reviewed-By: James M Snell <jasnell@gmail.com>
aduh95 pushed a commit to aduh95/node that referenced this pull requestSep 24, 2024
Refs:nodejs#44498Refs:nodejs#53382Key sizes were increased to 2048 in PR 44498 includingthe configuration file for the generation of ca2-cert.pem.However, it seems like updating ca2-cert.pem and related filesthemselves were missed as they were not updated in the PR andthe ca2-cert.pem reported as being associated with a 1024 bit key.I believe that was the cause of some of the failures mentioned innodejs#53382 as OpenSSL 3.2increased the default security level from 1 to 2 and thatwould mean that certificates associated with keys of 1024 bitswould no longer be accepted.This PR updates the key size for ca2-cert.pem. It was notnecessary to change the config, only run the generation forthe ca2-cert.pem and related files.Signed-off-by: Michael Dawson <midawson@redhat.com>PR-URL:nodejs#54599Reviewed-By: Luigi Pinca <luigipinca@gmail.com>Reviewed-By: Richard Lau <rlau@redhat.com>Reviewed-By: James M Snell <jasnell@gmail.com>
targos pushed a commit that referenced this pull requestSep 26, 2024
Refs:#44498Refs:#53382Key sizes were increased to 2048 in PR 44498 includingthe configuration file for the generation of ca2-cert.pem.However, it seems like updating ca2-cert.pem and related filesthemselves were missed as they were not updated in the PR andthe ca2-cert.pem reported as being associated with a 1024 bit key.I believe that was the cause of some of the failures mentioned in#53382 as OpenSSL 3.2increased the default security level from 1 to 2 and thatwould mean that certificates associated with keys of 1024 bitswould no longer be accepted.This PR updates the key size for ca2-cert.pem. It was notnecessary to change the config, only run the generation forthe ca2-cert.pem and related files.Signed-off-by: Michael Dawson <midawson@redhat.com>PR-URL:#54599Reviewed-By: Luigi Pinca <luigipinca@gmail.com>Reviewed-By: Richard Lau <rlau@redhat.com>Reviewed-By: James M Snell <jasnell@gmail.com>
richardlau pushed a commit to aduh95/node that referenced this pull requestSep 27, 2024
Refs:nodejs#44498Refs:nodejs#53382Key sizes were increased to 2048 in PR 44498 includingthe configuration file for the generation of ca2-cert.pem.However, it seems like updating ca2-cert.pem and related filesthemselves were missed as they were not updated in the PR andthe ca2-cert.pem reported as being associated with a 1024 bit key.I believe that was the cause of some of the failures mentioned innodejs#53382 as OpenSSL 3.2increased the default security level from 1 to 2 and thatwould mean that certificates associated with keys of 1024 bitswould no longer be accepted.This PR updates the key size for ca2-cert.pem. It was notnecessary to change the config, only run the generation forthe ca2-cert.pem and related files.Signed-off-by: Michael Dawson <midawson@redhat.com>PR-URL:nodejs#54599Reviewed-By: Luigi Pinca <luigipinca@gmail.com>Reviewed-By: Richard Lau <rlau@redhat.com>Reviewed-By: James M Snell <jasnell@gmail.com>
maitrungduc1410 pushed a commit to maitrungduc1410/webrtc that referenced this pull requestOct 1, 2024
since 1024 is already deprecated by OpenSSL and causes "too small key"issues on systems enforcing a minimum size. Similar issue here:nodejs/node#44498The minimum key size is not yet changed from 1024, this will require more effort for deprecation.BUG=webrtc:364338811Change-Id: Id4b24a2c289ec5e3f112288d32b8ac697ba1cfedReviewed-on:https://webrtc-review.googlesource.com/c/src/+/361128Reviewed-by: David Benjamin <davidben@webrtc.org>Reviewed-by: Harald Alvestrand <hta@webrtc.org>Commit-Queue: Philipp Hancke <phancke@meta.com>Cr-Commit-Position: refs/heads/main@{#43110}
targos pushed a commit that referenced this pull requestOct 2, 2024
Refs:#44498Refs:#53382Key sizes were increased to 2048 in PR 44498 includingthe configuration file for the generation of ca2-cert.pem.However, it seems like updating ca2-cert.pem and related filesthemselves were missed as they were not updated in the PR andthe ca2-cert.pem reported as being associated with a 1024 bit key.I believe that was the cause of some of the failures mentioned in#53382 as OpenSSL 3.2increased the default security level from 1 to 2 and thatwould mean that certificates associated with keys of 1024 bitswould no longer be accepted.This PR updates the key size for ca2-cert.pem. It was notnecessary to change the config, only run the generation forthe ca2-cert.pem and related files.Signed-off-by: Michael Dawson <midawson@redhat.com>PR-URL:#54599Reviewed-By: Luigi Pinca <luigipinca@gmail.com>Reviewed-By: Richard Lau <rlau@redhat.com>Reviewed-By: James M Snell <jasnell@gmail.com>
louwers pushed a commit to louwers/node that referenced this pull requestNov 2, 2024
Refs:nodejs#44498Refs:nodejs#53382Key sizes were increased to 2048 in PR 44498 includingthe configuration file for the generation of ca2-cert.pem.However, it seems like updating ca2-cert.pem and related filesthemselves were missed as they were not updated in the PR andthe ca2-cert.pem reported as being associated with a 1024 bit key.I believe that was the cause of some of the failures mentioned innodejs#53382 as OpenSSL 3.2increased the default security level from 1 to 2 and thatwould mean that certificates associated with keys of 1024 bitswould no longer be accepted.This PR updates the key size for ca2-cert.pem. It was notnecessary to change the config, only run the generation forthe ca2-cert.pem and related files.Signed-off-by: Michael Dawson <midawson@redhat.com>PR-URL:nodejs#54599Reviewed-By: Luigi Pinca <luigipinca@gmail.com>Reviewed-By: Richard Lau <rlau@redhat.com>Reviewed-By: James M Snell <jasnell@gmail.com>
tpoisseau pushed a commit to tpoisseau/node that referenced this pull requestNov 21, 2024
Refs:nodejs#44498Refs:nodejs#53382Key sizes were increased to 2048 in PR 44498 includingthe configuration file for the generation of ca2-cert.pem.However, it seems like updating ca2-cert.pem and related filesthemselves were missed as they were not updated in the PR andthe ca2-cert.pem reported as being associated with a 1024 bit key.I believe that was the cause of some of the failures mentioned innodejs#53382 as OpenSSL 3.2increased the default security level from 1 to 2 and thatwould mean that certificates associated with keys of 1024 bitswould no longer be accepted.This PR updates the key size for ca2-cert.pem. It was notnecessary to change the config, only run the generation forthe ca2-cert.pem and related files.Signed-off-by: Michael Dawson <midawson@redhat.com>PR-URL:nodejs#54599Reviewed-By: Luigi Pinca <luigipinca@gmail.com>Reviewed-By: Richard Lau <rlau@redhat.com>Reviewed-By: James M Snell <jasnell@gmail.com>
moz-v2v-gh pushed a commit to mozilla/gecko-dev that referenced this pull requestNov 26, 2024
Upstream commit:https://webrtc.googlesource.com/src/+/d79a1859e058b6a030177b24ed8e4bb14525af79 ssl: increase default RSA key size to 2048 bits since 1024 is already deprecated by OpenSSL and causes "too small key" issues on systems enforcing a minimum size. Similar issue here:nodejs/node#44498 The minimum key size is not yet changed from 1024, this will require more effort for deprecation. BUG=webrtc:364338811 Change-Id: Id4b24a2c289ec5e3f112288d32b8ac697ba1cfed Reviewed-on:https://webrtc-review.googlesource.com/c/src/+/361128 Reviewed-by: David Benjamin <davidben@webrtc.org> Reviewed-by: Harald Alvestrand <hta@webrtc.org> Commit-Queue: Philipp Hancke <phancke@meta.com> Cr-Commit-Position: refs/heads/main@{#43110}
gecko-dev-updater pushed a commit to marco-c/gecko-dev-wordified-and-comments-removed that referenced this pull requestNov 26, 2024
Upstream commit:https://webrtc.googlesource.com/src/+/d79a1859e058b6a030177b24ed8e4bb14525af79 ssl: increase default RSA key size to 2048 bits since 1024 is already deprecated by OpenSSL and causes "too small key" issues on systems enforcing a minimum size. Similar issue here:nodejs/node#44498 The minimum key size is not yet changed from 1024, this will require more effort for deprecation. BUG=webrtc:364338811 Change-Id: Id4b24a2c289ec5e3f112288d32b8ac697ba1cfed Reviewed-on:https://webrtc-review.googlesource.com/c/src/+/361128 Reviewed-by: David Benjamin <davidbenwebrtc.org> Reviewed-by: Harald Alvestrand <htawebrtc.org> Commit-Queue: Philipp Hancke <phanckemeta.com> Cr-Commit-Position: refs/heads/main{#43110}UltraBlame original commit: a674447f7a1f2d87718780cf2311b324c10f5384
gecko-dev-updater pushed a commit to marco-c/gecko-dev-comments-removed that referenced this pull requestNov 27, 2024
Upstream commit:https://webrtc.googlesource.com/src/+/d79a1859e058b6a030177b24ed8e4bb14525af79 ssl: increase default RSA key size to 2048 bits since 1024 is already deprecated by OpenSSL and causes "too small key" issues on systems enforcing a minimum size. Similar issue here:nodejs/node#44498 The minimum key size is not yet changed from 1024, this will require more effort for deprecation. BUG=webrtc:364338811 Change-Id: Id4b24a2c289ec5e3f112288d32b8ac697ba1cfed Reviewed-on:https://webrtc-review.googlesource.com/c/src/+/361128 Reviewed-by: David Benjamin <davidbenwebrtc.org> Reviewed-by: Harald Alvestrand <htawebrtc.org> Commit-Queue: Philipp Hancke <phanckemeta.com> Cr-Commit-Position: refs/heads/main{#43110}UltraBlame original commit: a674447f7a1f2d87718780cf2311b324c10f5384
gecko-dev-updater pushed a commit to marco-c/gecko-dev-wordified that referenced this pull requestNov 27, 2024
Upstream commit:https://webrtc.googlesource.com/src/+/d79a1859e058b6a030177b24ed8e4bb14525af79 ssl: increase default RSA key size to 2048 bits since 1024 is already deprecated by OpenSSL and causes "too small key" issues on systems enforcing a minimum size. Similar issue here:nodejs/node#44498 The minimum key size is not yet changed from 1024, this will require more effort for deprecation. BUG=webrtc:364338811 Change-Id: Id4b24a2c289ec5e3f112288d32b8ac697ba1cfed Reviewed-on:https://webrtc-review.googlesource.com/c/src/+/361128 Reviewed-by: David Benjamin <davidbenwebrtc.org> Reviewed-by: Harald Alvestrand <htawebrtc.org> Commit-Queue: Philipp Hancke <phanckemeta.com> Cr-Commit-Position: refs/heads/main{#43110}UltraBlame original commit: a674447f7a1f2d87718780cf2311b324c10f5384
i3roly pushed a commit to i3roly/firefox-dynasty that referenced this pull requestNov 30, 2024
Upstream commit:https://webrtc.googlesource.com/src/+/d79a1859e058b6a030177b24ed8e4bb14525af79 ssl: increase default RSA key size to 2048 bits since 1024 is already deprecated by OpenSSL and causes "too small key" issues on systems enforcing a minimum size. Similar issue here:nodejs/node#44498 The minimum key size is not yet changed from 1024, this will require more effort for deprecation. BUG=webrtc:364338811 Change-Id: Id4b24a2c289ec5e3f112288d32b8ac697ba1cfed Reviewed-on:https://webrtc-review.googlesource.com/c/src/+/361128 Reviewed-by: David Benjamin <davidben@webrtc.org> Reviewed-by: Harald Alvestrand <hta@webrtc.org> Commit-Queue: Philipp Hancke <phancke@meta.com> Cr-Commit-Position: refs/heads/main@{#43110}
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Labels
commit-queue-failedAn error occurred while landing this pull request using GitHub Actions. commit-queue-squashAdd this label to instruct the Commit Queue to squash all the PR commits into the first one. cryptoIssues and PRs related to the crypto subsystem. needs-ciPRs that need a full CI run. review wantedPRs that need reviews. testIssues and PRs related to the tests.
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
OpenSSL now requires at least 2048
Refs:#44497