directory-commits mailing list archives

From akaras...@apache.org
Subject svn commit: r643985 - /directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/security/TlsKeyGenerator.java
Date Wed, 02 Apr 2008 17:32:11 GMT
Author: akarasulu
Date: Wed Apr  2 10:32:09 2008
New Revision: 643985

URL: http://svn.apache.org/viewvc?rev=643985&view=rev
Log:
Reducing RSA encryption key size to 512 from 1024. This is the setting used by
the server to enable LDAPS and StartTLS.  The key must be kept at or below 512
bits in size to meet export restrictions so ApacheDS can be classified in the 
ECCN 5D002 category.

For more information please see documentation on these restrictions and ASF 
guidelines for PMC members regarding export restrictions and cryptography:

   o http://www.apache.org/dev/crypto.html
   o http://www.apache.org/licenses/exports


Modified:
    directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/security/TlsKeyGenerator.java

Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/security/TlsKeyGenerator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/security/TlsKeyGenerator.java?rev=643985&r1=643984&r2=643985&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/security/TlsKeyGenerator.java
(original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/security/TlsKeyGenerator.java
Wed Apr  2 10:32:09 2008
@@ -73,7 +73,22 @@
     public static final String CERTIFICATE_PRINCIPAL_DN =
         "CN=ApacheDS, OU=Directory, O=ASF, C=US";
     private static final String ALGORITHM = "RSA";
-    private static final int KEY_SIZE = 1024;
+    
+    /* 
+     * Eventually we have to make several of these parameters configurable,
+     * however note to pass export restrictions we must use a key size of
+     * 512 or less here as the default.  Users can configure this setting
+     * later based on their own legal situations.  This is required to 
+     * classify ApacheDS in the ECCN 5D002 category.  Please see the following
+     * page for more information:
+     * 
+     *    http://www.apache.org/dev/crypto.html
+     * 
+     * Also ApacheDS must be classified on the following page:
+     * 
+     *    http://www.apache.org/licenses/exports
+     */ 
+    private static final int KEY_SIZE = 512;
     private static final long YEAR_MILLIS = 365*24*3600*1000;
     
 
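Review bot: `KEY_SIZE = 512` remains a `private static final` constant, so the comment's "Users can configure this setting later" has no mechanism behind it in this hunk, and every deployment gets a 512-bit RSA key for LDAPS and StartTLS. A 512-bit RSA modulus was publicly factored in 1999 (RSA-155), so a key of this size gives little protection to the TLS sessions it secures. Suggest landing the configurable override in the same change as the lowered default, and logging a warning whenever the 512-bit default is in effect. Separately, in the context line `YEAR_MILLIS = 365*24*3600*1000` the product is evaluated in `int` arithmetic and overflows before it is widened to `long`; writing `365L*24*3600*1000` gives the intended value.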


