Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-73518

Switch MNet RC4 method to better alternative, keeping BC

    XMLWordPrintable

Details

    • Improvement
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • 4.0
    • None
    • MNet
    • MOODLE_400_STABLE

    Description

      This was create by MDL-73517, when it was detected the we are using RC4 as cypher method for MNet encryption. From the original issue:

      2) Create another issue, about to consider moving the "RC4" default to a better one, surely including init vector too.

      Note that, in practice... 2) is not critical as far as now all sites run over SSL, hence, data is double encrypted, once by the MNet RC4 implementation, not ideal, and another by the http SSL layer (usually safer).

      Also, this needs to be done in a "BC way" so old sites (still using RC4 unconditionally) are able to talk with newer sites using another, better, cypher. That, or explicitly warn that, when this is implemented, older sites won't be able to talk with new ones anymore.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              stronk7 Eloy Lafuente (stronk7)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated: