search

pki-bot / pki-issues-final

0 stars 0 forks source link

Dogtag should support AES ciphers in SCEP #2466

Open pki-bot opened 4 years ago

pki-bot commented 4 years ago

This issue was migrated from Pagure Issue #2917. Originally filed by tvaughan (@trevor-vaughan) on 2018-01-30 17:37:01:

According to https://tools.ietf.org/html/draft-gutmann-scep-06#section-2.8, AES is now mandatory to implement for SCEP.

Looking at the dogtag code, this should be relatively simple since the underlying logic at https://github.com/dogtagpki/pki/blob/master/base/server/cms/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java#L1125-L1130 seems to just choose between DES and DES3 without allowing for other ciphers.

pki-bot commented 4 years ago

Comment from mharmsen (@mharmsen) at 2018-02-01 11:57:18

Metadata Update from @mharmsen:

pki-bot commented 4 years ago

Comment from mharmsen (@mharmsen) at 2018-02-01 13:52:46

Metadata Update from @mharmsen:

pki-bot commented 4 years ago

Comment from cfu (@cfu) at 2018-02-01 17:29:34

Hi, thank you for bringing up the issue. Would you be interested in contributing to the code by providing a patch? From time to time we get patch contributions from the community and we find such practice beneficial to all parties due to limited resources on our end. The process will require the contributor to provide a working patch against the master, complete with details on how it's setup and the testing procedure. The Dogtag team will then assign someone to review the code. Once the fix is hashed out, patch will be checked in with proper credit given to the contributor.

Please let us know.

pki-bot commented 4 years ago

Comment from tvaughan (@trevor-vaughan) at 2018-02-01 19:12:55

@cfu I don't mind in theory but I have no idea when I'll be able to get to it since I'm currently trying to patch both certmonger and sscep to work properly.