OpenSSL 3.2 #7310
chrisburr
announced in
Announcements
OpenSSL 3.2
#7310
Replies: 1 comment 2 replies
-
|
Oy !!! When we upgraded to v8, we had a number of words (possibly including swearing) to convince DIRAC to stop generating 1024 proxies. |
Beta Was this translation helpful? Give feedback.
2 replies
-
|
#mightnotworkfordirac |
Beta Was this translation helpful? Give feedback.
-
|
#6286 should be enough no ? Unless of course you still have very old proxies in your DB :-) |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
OpenSSL 3.2 was recently released with the notable change that the default SSL/TLS security level has been changed from 1 to 2:
https://github.com/openssl/openssl/blob/openssl-3.2.0/NEWS.md#openssl-32
This means 1024-bit certificates might no longer work. We already had this when we upgraded to Python 3.10 and had a workaround: #6299
The next DIRACOS2 release will likely break 1024-bit crypto for good. The error will show up something like
M2Crypto.SSL.SSLError: ee key too small. If any one sees this you should get new certificates which are more secure.#mightnotworkforgridppbutitsbeenoverayearsotimetomovetothemoresecurefuture
Beta Was this translation helpful? Give feedback.
All reactions