[gnutls-devel] GnuTLS | certtool: --to-p12: use modern algorithms by default (!1499)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Tue Dec 21 15:24:53 CET 2021
Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1499#note_791467931
I've added a test that compares the `--p12-info` with the expected output.
> First: just to double check, the addition of --with-pkcs12-iter-count=10000 in test scripts is just there to speed up CI?
Yes, the number is based on https://searchfox.org/mozilla-central/source/security/nss/lib/pkcs7/p7create.c#21
> Second, shouldn't we verify that 600000 is indeed the new default?
I think it's now covered by the new test.
> Third, what's the HMAC used for PBKDF2? Doesn't GnuTLS default to SHA1 there?
Good point; I've updated it to SHA256.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1499#note_791467931
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20211221/8245bb77/attachment-0001.html>
More information about the Gnutls-devel
mailing list