URL: https://github.com/freeipa/freeipa/pull/3145 Author: rcritten Title: #3145: Use AES-128-CBC for PKCS#12 encryption when creating files (FIPS) Action: opened PR body: """ A PKCS#12 file is generated from a set of input files in various formats. This file is then used to provide the public and private keys and certificate chain fro importing into an NSS database. In order to work in FIPS mode stronger encryption is required. The default OpenSSL certificate algo is 40-bit RC2 which is not allowed in FIPS mode. The default private key algo is 3DES. Use AES-128 instead for both. Fixes: https://pagure.io/freeipa/issue/7948 Signed-off-by: Rob Crittenden <rcritten(a)redhat.com&gt; """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3145/head:pr3145 git checkout pr3145