cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-5013) Need support for SHA256 Signature Algorithms
Date Tue, 14 May 2013 09:19:16 GMT

    [ https://issues.apache.org/jira/browse/CXF-5013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13656922#comment-13656922
] 

Colm O hEigeartaigh commented on CXF-5013:
------------------------------------------


I'll apply the patch. However, the solution is really for the WS-SecurityPolicy specification
to be updated to support SHA-256. You also have the option to create your own AlgorithmSuite
implementation.

Colm.
                
> Need support for SHA256 Signature Algorithms
> --------------------------------------------
>
>                 Key: CXF-5013
>                 URL: https://issues.apache.org/jira/browse/CXF-5013
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.6.2
>         Environment: All supported platforms
>            Reporter: Syed Abdul Wadood
>             Fix For: 2.6.7
>
>         Attachments: sha256_sigalg.patch, Sha2SignatureAlgorithmTest.java
>
>   Original Estimate: 96h
>  Remaining Estimate: 96h
>
> Due to the weakness of SHA1 algorithm, US National Institute of Standards and Technology
(NIST) has recommended that SHA256 or higher algorithms be used. Using SHA256 is also required
by  Federal Information Processing Standard (FIPS).
> Currently, there is no way to specify SHA256 Signature algorithms when signing a message
part using Web services security.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message