[Koha-bugs] [Bug 30594] New: Package Crypt::CBC 2.35 or higher to increase security
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Fri Apr 22 11:21:43 CEST 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30594
Bug ID: 30594
Summary: Package Crypt::CBC 2.35 or higher to increase security
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5 - low
Component: Packaging
Assignee: koha-bugs at lists.koha-community.org
Reporter: martin.renvoize at ptfs-europe.com
QA Contact: testopia at bugs.koha-community.org
CC: mtj at kohaaloha.com
Currently, Debian mostly comes with Crypt::CBC 2.33 pre-packaged. If we
package 2.35 or above we can benefit from a performance boost as well as having
the ability to update our derivation function to using the recommended pbkdf2
algorithm instead of the backwards compatible default of opensslv1.
If we choose to package this, we should also update Koha::Encryption to reflect
the change and use pbkdf2.
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
More information about the Koha-bugs
mailing list