Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The 3DES encryption algorithm of the pcsk8 certificate is not secure. Can it support a secure encryption algorithm? #456

Open
wang961214 opened this issue Oct 24, 2022 · 0 comments
Open

The 3DES encryption algorithm of the pcsk8 certificate is not secure. Can it support a secure encryption algorithm? #456

wang961214 opened this issue Oct 24, 2022 · 0 comments
Labels
bug

Comments

@wang961214
Copy link

When using the pkcs8 certificate, I found that the encryption algorithm 3DES of the certificate is not secure. Then I used the V2 parameter to generate the certificate, the command is as follows
image

But logstash gives an error when applying this certificate:
image
It looks like the encryption method of the certificate is not recognized!

After researching, I found that the input-beats plugin uses netty's SslContext. When using openssl to generate a certificate to specify an algorithm such as aes256, when using encryptedPrivateKeyInfo.getAlgName() to get the algorithm name, the result is: 1.2.840.113549.1.5.13, netty Don't know the name at all.

After a long exploration experiment, I found not-yet-commons-ssl-0.3.17.jar to be a good solution to try and modify using its ideas. Or support certificate formats other than pkcs8.

#372
@wang961214 wang961214 added the bug label Oct 24, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@wang961214