You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@camel.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2013/08/15 16:20:48 UTC

[jira] [Updated] (CAMEL-6640) Migrate XML Security key cipher algorithm away from RSA v1.5

     [ https://issues.apache.org/jira/browse/CAMEL-6640?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh updated CAMEL-6640:
---------------------------------------

    Attachment: camel-6640.patch


Please apply the following patch to trunk. It contains the following functionality:

a) Some setter methods for the MGFAlgorithm in camel-core, that should have been in my last patch
b) Changed the default Key Transport algorithm to use RSA OAEP instead of RSA v1.5
c) Reject requests with RSA v1.5 unless it has been explicitly configured as the key transport algorithm.

Colm.
                
> Migrate XML Security key cipher algorithm away from RSA v1.5
> ------------------------------------------------------------
>
>                 Key: CAMEL-6640
>                 URL: https://issues.apache.org/jira/browse/CAMEL-6640
>             Project: Camel
>          Issue Type: Improvement
>            Reporter: Colm O hEigeartaigh
>            Priority: Minor
>             Fix For: 2.12.0
>
>         Attachments: camel-6640.patch
>
>
> Currently, the XML Security component uses RSA v1.5 as the default Key Transport algorithm. As there are a number of attacks on this algorithm, it is better to use the RSA OAEP algorithm instead.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira