Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-77117

Add support for SHA256 (and longer) to BigBlueButton (backport of MDL-75753)

XMLWordPrintable

    • Icon: Improvement Improvement
    • Resolution: Won't Fix
    • Icon: Minor Minor
    • None
    • 4.0.6, 4.1.6
    • BigBlueButton
    • MOODLE_400_STABLE, MOODLE_401_STABLE
    • MDL-75753-401
    • Hide

      Tested via PHP unit.

      This will need https://github.com/moodlehq/bigbluebutton_mock/pull/26 to be merged into the mock server image to work.

      Test the General config settings

      We consider here that the Bigbluebutton plugin is enabled.

      • As an admin, go to Site Administration / Bigbluebutton / General settings
      • Check that you can see bigbluebuttonbn_server_url, bigbluebuttonbn_shared_secret and bigbluebuttonbn_checksum_algorithm settings
      • Add the following to your config.php:

        $CFG->bigbluebuttonbn['server_url'] = 'https://test-moodle.blindsidenetworks.com/bigbluebutton/';
        $CFG->bigbluebuttonbn['shared_secret'] = '0b21fcaf34673a8c3ec8ed877d76ae34';
        

      • Ensure you can still see the BigBlueButton Checksum Algorithm setting
      • Add

        $CFG->bigbluebuttonbn['checksum_algorithm'] = 'SHA1';
        

        to the config.php

      • Ensure you can NOT see the BigBlueButton Checksum Algorithm setting

      Sanity check

      • As an admin, go to Site Administration / Bigbluebutton / General settings
      • Ensure that the SHA1 algorithm has been selected
      • Go to an existing (or a new) BigblueButton activity and join the meeting
      • Ensure the meeting can be joined as usual
      Show
      Tested via PHP unit. This will need https://github.com/moodlehq/bigbluebutton_mock/pull/26 to be merged into the mock server image to work. Test the General config settings We consider here that the Bigbluebutton plugin is enabled. As an admin, go to Site Administration / Bigbluebutton / General settings Check that you can see bigbluebuttonbn_server_url, bigbluebuttonbn_shared_secret and bigbluebuttonbn_checksum_algorithm settings Add the following to your config.php: $CFG->bigbluebuttonbn['server_url'] = 'https://test-moodle.blindsidenetworks.com/bigbluebutton/'; $CFG->bigbluebuttonbn['shared_secret'] = '0b21fcaf34673a8c3ec8ed877d76ae34'; Ensure you can still see the BigBlueButton Checksum Algorithm setting Add $CFG->bigbluebuttonbn['checksum_algorithm'] = 'SHA1'; to the config.php Ensure you can NOT see the BigBlueButton Checksum Algorithm setting Sanity check As an admin, go to Site Administration / Bigbluebutton / General settings Ensure that the SHA1 algorithm has been selected Go to an existing (or a new) BigblueButton activity and join the meeting Ensure the meeting can be joined as usual

      This is a backport of MDL-75753.

      It would be great if we can backport this at least to 4.0 and 4.1 so we can improve the security of the communication between BBB and Moodle even if organisation cannot update quickly to 4.2 and more.

            lmdavid Laurent DAVID
            lmdavid Laurent DAVID
            Votes:
            1 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.