lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Høydahl (JIRA) <j...@apache.org>
Subject [jira] [Commented] (SOLR-9609) Change hard-coded keysize from 512 to 1024
Date Wed, 26 Oct 2016 20:14:58 GMT

    [ https://issues.apache.org/jira/browse/SOLR-9609?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15609540#comment-15609540
] 

Jan Høydahl commented on SOLR-9609:
-----------------------------------

This sounds to me as a type of configuration that most people would leave to default (we change
it to 1024 in code), and those that need to change it will do it once, no need for the flexibility
of security.json with edit API etc? If so, I'd just create a sysProp for it and perhaps wire
it to an {{SOLR_CRYPTO_X}} env-var which could be placed in solr.in.sh.

> Change hard-coded keysize from 512 to 1024
> ------------------------------------------
>
>                 Key: SOLR-9609
>                 URL: https://issues.apache.org/jira/browse/SOLR-9609
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Jeremy Martini
>         Attachments: SOLR-9609.patch, SOLR-9609.patch, solr.log
>
>
> In order to configure our dataSource without requiring a plaintext password in the configuration
file, we extended JdbcDataSource to create our own custom implementation. Our dataSource config
now looks something like this:
> {code:xml}
> <dataSource type="com.foo.FooDataSource" driver="oracle.jdbc.OracleDriver" url="jdbc:oracle:thin:@db-host-machine:1521:tst1"
user="testuser" password="{ENC}{1.1}1ePOfWcbOIU056gKiLTrLw=="/>
> {code}
> We are using the RSA JSAFE Crypto-J libraries for encrypting/decrypting the password.
However, this seems to cause an issue when we try use Solr in a Cloud Configuration (using
Zookeeper). The error is "Strong key gen and multiprime gen require at least 1024-bit keysize."
Full log attached.
> This seems to be due to the hard-coded value of 512 in the org.apache.solr.util.CryptoKeys$RSAKeyPair
class:
> {code:java}
> public RSAKeyPair() {
>   KeyPairGenerator keyGen = null;
>   try {
>     keyGen = KeyPairGenerator.getInstance("RSA");
>   } catch (NoSuchAlgorithmException e) {
>     throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, e);
>   }
>   keyGen.initialize(512);
> {code}
> I pulled down the Solr code, changed the hard-coded value to 1024, rebuilt it, and now
everything seems to work great.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message