URL:
https://github.com/freeipa/freeipa/pull/3145
Author: rcritten
Title: #3145: Use AES-128-CBC for PKCS#12 encryption when creating files (FIPS)
Action: opened
PR body:
"""
A PKCS#12 file is generated from a set of input files in various
formats. This file is then used to provide the public and private
keys and certificate chain fro importing into an NSS database.
In order to work in FIPS mode stronger encryption is required.
The default OpenSSL certificate algo is 40-bit RC2 which is not
allowed in FIPS mode. The default private key algo is 3DES.
Use AES-128 instead for both.
Fixes:
https://pagure.io/freeipa/issue/7948
Signed-off-by: Rob Crittenden <rcritten(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa
https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/3145/head:pr3145
git checkout pr3145