Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-73518

Switch MNet RC4 method to better alternative, keeping BC

XMLWordPrintable

    • Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Minor Minor
    • None
    • 4.0
    • MNet
    • MOODLE_400_STABLE

      This was create by MDL-73517, when it was detected the we are using RC4 as cypher method for MNet encryption. From the original issue:

      2) Create another issue, about to consider moving the "RC4" default to a better one, surely including init vector too.

      Note that, in practice... 2) is not critical as far as now all sites run over SSL, hence, data is double encrypted, once by the MNet RC4 implementation, not ideal, and another by the http SSL layer (usually safer).

      Also, this needs to be done in a "BC way" so old sites (still using RC4 unconditionally) are able to talk with newer sites using another, better, cypher. That, or explicitly warn that, when this is implemented, older sites won't be able to talk with new ones anymore.

            Unassigned Unassigned
            stronk7 Eloy Lafuente (stronk7)
            Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.