[jboss-jira] [JBoss JIRA] (WFLY-11192) Default ASYM_ENCRYPT asym_keylength is considered breakable

Tue Oct 16 10:23:07 EDT 2018

Radoslav Husar created WFLY-11192:
-------------------------------------

             Summary: Default ASYM_ENCRYPT asym_keylength is considered breakable
                 Key: WFLY-11192
                 URL: https://issues.jboss.org/browse/WFLY-11192
             Project: WildFly
          Issue Type: Bug
          Components: Clustering
    Affects Versions: 14.0.0.Final
            Reporter: Radoslav Husar
            Assignee: Radoslav Husar
             Fix For: 15.0.0.Alpha1

JGroups default asym_keylength is 512, however RSA keys less than 1024 bits are considered breakable (e.g. https://www.oracle.com/technetwork/java/javase/8-compatibility-guide-2156366.html )

We should baseline the default to a secure size universally supported in our supported JDKs. Also, since JDK8 the default is 2048. 

--
This message was sent by Atlassian Jira
(v7.12.1#712002)