Remove support for RC2 and RC4 - signed attributes fail with Sterling

Question

Remove support for RC2 and RC4 - signed attributes fail with Sterling

Closed this issue 5 years ago · 1 comments

When sending signed message to Sterling B2B Integrator, the ASN1 code for RC4 Cipher is not being picked up and message transmission fails.

Removing the attribute by commenting line 248-250 in pyas2-lib - cms.py, leads to a successful transmission.

As RC2 and RC4 are not secure algorithms and support for same is being removed in most common places, the support for same should be removed from django-pyas2 and pyas2-lib as well.

Answer 1 · 2020-04-09T13:01:06.000Z

Update on above - with pyas2-lib version 1.3, the above issue does not happen anymore. So, suggest to upgrade to newest version and thus dropping support for python 3.6