Ottomata has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/403762 )
Change subject: Allow certificates RSA keySize > 2048, Puppet generates certs
like these
......................................................................
Allow certificates RSA keySize > 2048, Puppet generates certs like these
Bug: T182993
Change-Id: I65d89cdfa74d2b39eeb9ce3f85f87785f99f555c
---
M modules/profile/files/kafka/java.security
1 file changed, 1 insertion(+), 3 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/62/403762/1
diff --git a/modules/profile/files/kafka/java.security
b/modules/profile/files/kafka/java.security
index aa9e114..3d4d5f1 100644
--- a/modules/profile/files/kafka/java.security
+++ b/modules/profile/files/kafka/java.security
@@ -548,9 +548,7 @@
jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
-# TODO: Temporiarly disable this. It is not working with Puppet signed
certificates.
-# Not sure why yet.
-#jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1, RSA, DSA, EC keySize < 224
+jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1, DSA, RSA keySize < 2048, EC
keySize < 224
#
# Algorithm restrictions for signed JAR files
--
To view, visit https://gerrit.wikimedia.org/r/403762
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I65d89cdfa74d2b39eeb9ce3f85f87785f99f555c
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Ottomata <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
