The 3DES encryption algorithm of the pcsk8 certificate is not secure. Can it support a secure encryption algorithm?
wang961214 opened this issue · 0 comments
When using the pkcs8 certificate, I found that the encryption algorithm 3DES of the certificate is not secure. Then I used the V2 parameter to generate the certificate, the command is as follows
But logstash gives an error when applying this certificate:
It looks like the encryption method of the certificate is not recognized!
After researching, I found that the input-beats plugin uses netty's SslContext. When using openssl to generate a certificate to specify an algorithm such as aes256, when using encryptedPrivateKeyInfo.getAlgName() to get the algorithm name, the result is: 1.2.840.113549.1.5.13, netty Don't know the name at all.
After a long exploration experiment, I found not-yet-commons-ssl-0.3.17.jar to be a good solution to try and modify using its ideas. Or support certificate formats other than pkcs8.