[jboss-jira] [JBoss JIRA] (JBAS-9453) AbstractAttachmentStore seems to be hard-coded to use MD5 message digest
Nicholas DiPiazza (Updated) (JIRA)
jira-events at lists.jboss.org
Wed Nov 23 13:27:40 EST 2011
[ https://issues.jboss.org/browse/JBAS-9453?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nicholas DiPiazza updated JBAS-9453:
------------------------------------
Description:
We have a requirement that we cannot use weak security algorithms in our environment. We are using JBoss 5.1.0 GA. However AbstractAttachmentStore.java seems to be hard-coded to use MD5, which is not an acceptable hashing algorithm for us.
Is there some way besides changing the source code ourselves and hard-coding it to a stronger algorithm? It would be nice if it would try SHA, etc. and some others and only choose to use MD5 if it can't find stronger ones.
was:
We need to achieve FIPS compliance with JBoss 5.1.0 GA. However AbstractAttachmentStore.java seems to be hard-coded to use MD5, which is not an acceptable hashing algorithm.
Is there some way besides changing the source code ourselves and hard-coding it to a stronger algorithm? It would be nice if it would try SHA, etc. and some others and only choose to use MD5 if it can't find stronger ones.
> AbstractAttachmentStore seems to be hard-coded to use MD5 message digest
> ------------------------------------------------------------------------
>
> Key: JBAS-9453
> URL: https://issues.jboss.org/browse/JBAS-9453
> Project: Legacy JBoss Application Server 6
> Issue Type: Enhancement
> Security Level: Public(Everyone can see)
> Affects Versions: JBossAS-5.1.0.GA
> Reporter: Nicholas DiPiazza
> Labels: AbstractAttachmentStore, FIPS
>
> We have a requirement that we cannot use weak security algorithms in our environment. We are using JBoss 5.1.0 GA. However AbstractAttachmentStore.java seems to be hard-coded to use MD5, which is not an acceptable hashing algorithm for us.
> Is there some way besides changing the source code ourselves and hard-coding it to a stronger algorithm? It would be nice if it would try SHA, etc. and some others and only choose to use MD5 if it can't find stronger ones.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list