The 3DES encryption algorithm of the pcsk8 certificate is not secure. Can it support a secure encryption algorithm?

Question

The 3DES encryption algorithm of the pcsk8 certificate is not secure. Can it support a secure encryption algorithm?

wang961214 opened this issue 2 years ago · 0 comments

When using the pkcs8 certificate, I found that the encryption algorithm 3DES of the certificate is not secure. Then I used the V2 parameter to generate the certificate, the command is as follows

But logstash gives an error when applying this certificate：

It looks like the encryption method of the certificate is not recognized！

After researching, I found that the input-beats plugin uses netty's SslContext. When using openssl to generate a certificate to specify an algorithm such as aes256, when using encryptedPrivateKeyInfo.getAlgName() to get the algorithm name, the result is: 1.2.840.113549.1.5.13, netty Don't know the name at all.

After a long exploration experiment, I found not-yet-commons-ssl-0.3.17.jar to be a good solution to try and modify using its ideas. Or support certificate formats other than pkcs8.

#372