Uploaded image for project: 'MyFaces Core'
  1. MyFaces Core
  2. MYFACES-4376

Update Cryptographic algorithm in StateUtils to a stronger version

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 3.0.0-RC1, 2.3-next-M4, 4.0.0-RC1
    • 2.3-next-M5, 3.0.0, 4.0.0-RC1
    • General
    • None

    Description

      Change the parameters

      org.apache.myfaces.ALGORITHM  from DES to AES

      and

      org.apache.MAC_ALGORITHM  from HmacSHA1 to HmacSHA256 

      DES and HmacSHA1 are considered to be weak

       

      Attachments

        Activity

          People

            bommel Bernd Bohmann
            bommel Bernd Bohmann
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: