OpenSSL 3.2 #7310
chrisburr
announced in
Announcements
OpenSSL 3.2
#7310
Replies: 1 comment 2 replies
-
|
Oy !!! When we upgraded to v8, we had a number of words (possibly including swearing) to convince DIRAC to stop generating 1024 proxies. |
Beta Was this translation helpful? Give feedback.
2 replies
-
|
#mightnotworkfordirac |
Beta Was this translation helpful? Give feedback.
-
|
#6286 should be enough no ? Unless of course you still have very old proxies in your DB :-) |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
OpenSSL 3.2 was recently released with the notable change that the default SSL/TLS security level has been changed from 1 to 2:
https://github.com/openssl/openssl/blob/openssl-3.2.0/NEWS.md#openssl-32
This means 1024-bit certificates might no longer work. We already had this when we upgraded to Python 3.10 and had a workaround: #6299
The next DIRACOS2 release will likely break 1024-bit crypto for good. The error will show up something like
M2Crypto.SSL.SSLError: ee key too small. If any one sees this you should get new certificates which are more secure.#mightnotworkforgridppbutitsbeenoverayearsotimetomovetothemoresecurefuture
Beta Was this translation helpful? Give feedback.
All reactions