bpo-34399: 2048 bits RSA keys and DH params by tiran · Pull Request #8762 · python/cpython (original) (raw)
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Conversation10 Commits1 Checks0 Files changed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
[ Show hidden characters]({{ revealButtonHref }})
NOTE: 2.7 and 3.6 need additional fixes from GH-5247
| 82:1e:06:47:02:7f:ac:fc:8b:5f:1a:14:c3:c0:ee: |
|---|
| 28:81:d1:48:7d:78:f0:17:dc:c8:aa:ae:07:b7:39: |
| 56:cb |
| generator: 2 (0x2) |
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
one improvement towards future-compatibility could be to use standardized DH prime parameters e.g., from rfc7919. Thinking of future implementation change which could verify that the primes used come from a known set params.
@nmav I have updated the DH test file to use RFC 7919 high FFDH parameters with 3072 bits.
Downstream vendors have started to deprecate weak keys. Update all RSA keys and DH params to use at least 2048 bits.
Finite field DH param file use RFC 7919 values, generated with
certtool --get-dh-params --sec-param=highSigned-off-by: Christian Heimes christian@python.org
@tiran: Please replace # with GH- in the commit message next time. Thanks!
Thanks @tiran for the PR 🌮🎉.. I'm working now to backport this PR to: 2.7, 3.6, 3.7.
🐍🍒⛏🤖
Sorry, @tiran, I could not cleanly backport this to 3.6 due to a conflict.
Please backport using cherry_picker on command line.cherry_picker 88bfd0bce05043f658e50addd21366f317995e35 3.6
Sorry, @tiran, I could not cleanly backport this to 2.7 due to a conflict.
Please backport using cherry_picker on command line.cherry_picker 88bfd0bce05043f658e50addd21366f317995e35 2.7
miss-islington pushed a commit to miss-islington/cpython that referenced this pull request
Downstream vendors have started to deprecate weak keys. Update all RSA keys and DH params to use at least 2048 bits.
Finite field DH param file use RFC 7919 values, generated with
certtool --get-dh-params --sec-param=highSigned-off-by: Christian Heimes christian@python.org (cherry picked from commit 88bfd0b)
Co-authored-by: Christian Heimes christian@python.org
tiran added a commit to tiran/cpython that referenced this pull request
Downstream vendors have started to deprecate weak keys. Update all RSA keys and DH params to use at least 2048 bits.
Finite field DH param file use RFC 7919 values, generated with
certtool --get-dh-params --sec-param=highSigned-off-by: Christian Heimes christian@python.org. (cherry picked from commit 88bfd0b)
Co-authored-by: Christian Heimes christian@python.org
tiran added a commit to tiran/cpython that referenced this pull request
Downstream vendors have started to deprecate weak keys. Update all RSA keys and DH params to use at least 2048 bits.
Finite field DH param file use RFC 7919 values, generated with
certtool --get-dh-params --sec-param=highSigned-off-by: Christian Heimes christian@python.org. (cherry picked from commit 88bfd0b)
Co-authored-by: Christian Heimes christian@python.org
tiran added a commit that referenced this pull request
Downstream vendors have started to deprecate weak keys. Update all RSA keys and DH params to use at least 2048 bits.
Finite field DH param file use RFC 7919 values, generated with
certtool --get-dh-params --sec-param=highSigned-off-by: Christian Heimes christian@python.org (cherry picked from commit 88bfd0b)
Co-authored-by: Christian Heimes christian@python.org
tiran added a commit that referenced this pull request
Downstream vendors have started to deprecate weak keys. Update all RSA keys and DH params to use at least 2048 bits.
Finite field DH param file use RFC 7919 values, generated with
certtool --get-dh-params --sec-param=highSigned-off-by: Christian Heimes christian@python.org. (cherry picked from commit 88bfd0b)
Co-authored-by: Christian Heimes christian@python.org
tiran added a commit that referenced this pull request
Downstream vendors have started to deprecate weak keys. Update all RSA keys and DH params to use at least 2048 bits.
Finite field DH param file use RFC 7919 values, generated with
certtool --get-dh-params --sec-param=highSigned-off-by: Christian Heimes christian@python.org. (cherry picked from commit 88bfd0b)
Co-authored-by: Christian Heimes christian@python.org
carljm added a commit to carljm/cpython that referenced this pull request
- master: (107 commits) bpo-22057: Clarify eval() documentation (pythonGH-8812) bpo-34318: Convert deprecation warnings to errors in assertRaises() etc. (pythonGH-8623) bpo-22602: Raise an exception in the UTF-7 decoder for ill-formed sequences starting with "+". (pythonGH-8741) bpo-34415: Updated logging.Formatter docstring. (pythonGH-8811) bpo-34432: doc Mention complex and decimal.Decimal on str.format not about locales (pythonGH-8808) bpo-34381: refer to 'Running & Writing Tests' in README.rst (pythonGH-8797) Improve error message when mock.assert_has_calls fails (pythonGH-8205) Warn not to set SIGPIPE to SIG_DFL (python#6773) bpo-34419: selectmodule.c does not compile on HP-UX due to bpo-31938 (pythonGH-8796) bpo-34418: Fix HTTPErrorProcessor documentation (pythonGH-8793) bpo-34391: Fix ftplib test for TLS 1.3 (pythonGH-8787) bpo-34217: Use lowercase for windows headers (pythonGH-8472) bpo-34395: Fix memory leaks caused by incautious usage of PyMem_Resize(). (pythonGH-8756) bpo-34405: Updated to OpenSSL 1.1.0i for Windows builds. (pythonGH-8775) bpo-34384: Fix os.readlink() on Windows (pythonGH-8740) closes bpo-34400: Fix undefined behavior in parsetok(). (pythonGH-4439) bpo-34399: 2048 bits RSA keys and DH params (python#8762) Make regular expressions in test_tasks.py raw strings. (pythonGH-8759) smtplib documentation fixes (pythonGH-8708) Fix misindented yaml in logging how to example (pythonGH-8604) ...