SOLR-9606: Change hard-coded keysize from 512 to 1024

(cherry picked from commit e402a30)
This commit is contained in:
Erick Erickson 2016-11-16 13:33:18 -08:00
parent 2e821eac27
commit 8bd4ad36c5
2 changed files with 7 additions and 1 deletions

View File

@ -132,6 +132,8 @@ Other Changes
* SOLR-9597: Add setReadOnly(String ...) to ConnectionImpl (Kevin Risden) * SOLR-9597: Add setReadOnly(String ...) to ConnectionImpl (Kevin Risden)
* SOLR-9609: Change hard-coded keysize from 512 to 1024 (Jeremy Martini via Erick Erickson)
================== 6.3.0 ================== ================== 6.3.0 ==================
Consult the LUCENE_CHANGES.txt file for additional, low level, changes in this release. Consult the LUCENE_CHANGES.txt file for additional, low level, changes in this release.

View File

@ -285,6 +285,10 @@ public final class CryptoKeys {
private final PrivateKey privateKey; private final PrivateKey privateKey;
private final SecureRandom random = new SecureRandom(); private final SecureRandom random = new SecureRandom();
// If this ever comes back to haunt us see the discussion at
// SOLR-9609 for background and code allowing this to go
// into security.json
private static final int DEFAULT_KEYPAIR_LENGTH = 1024;
public RSAKeyPair() { public RSAKeyPair() {
KeyPairGenerator keyGen = null; KeyPairGenerator keyGen = null;
@ -293,7 +297,7 @@ public final class CryptoKeys {
} catch (NoSuchAlgorithmException e) { } catch (NoSuchAlgorithmException e) {
throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, e); throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, e);
} }
keyGen.initialize(512); keyGen.initialize(DEFAULT_KEYPAIR_LENGTH);
java.security.KeyPair keyPair = keyGen.genKeyPair(); java.security.KeyPair keyPair = keyGen.genKeyPair();
privateKey = keyPair.getPrivate(); privateKey = keyPair.getPrivate();
publicKey = keyPair.getPublic(); publicKey = keyPair.getPublic();