Many of DJ's default security settings have remained unchanged for years, despite weaknesses having been found in some of the algorithms involved and best practices having moved on.
This issue can be closed once the default security settings in DJ have been reviewed and confirmed to align with current best practices. In addition, we should put a process in place that requires periodic reviews.
As an example, the CryptoManager default settings look a little out of date:
- default "digest-algorithm" is SHA-1
- default "mac-algorithm" is HmacSHA1
- default cipher key length is 128 bits
Comment from Neil Madden:
It would be good to update those. I can help with recommendations, but would need to discuss details - e.g., we could swap out AES/CBC/PKCS5Padding for AES/GCM/NoPadding but that also requires the code to supply a GCMParameterSpec vs an IVParameterSpec, so might not be a simple swap.
Jean-Noël Rouvignac also pointed to this part of the code: https://stash.forgerock.org/projects/OPENDJ/repos/opendj/browse/opendj-server/src/main/java/org/opends/server/crypto/CryptoManagerImpl.java#1543
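To make the point in Neil's comment concrete, here is an added example (not OpenDJ code, and not taken from CryptoManagerImpl) showing the API shape difference between the current AES/CBC/PKCS5Padding + IvParameterSpec path and an AES/GCM/NoPadding + GCMParameterSpec path, with a 256-bit key and HmacSHA256 in place of the 128-bit and HmacSHA1 defaults. The class name, plaintext and header byte are constructed; it assumes a JDK whose crypto policy allows 256-bit AES.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;

public class CryptoDefaultsDemo {
    // Current shape: AES/CBC/PKCS5Padding takes a 16-byte IV via IvParameterSpec and
    // gives no integrity, so a separate MAC is needed (HmacSHA1 by default today).
    static byte[] encryptCbc(SecretKey key, byte[] iv, byte[] plaintext) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        return c.doFinal(plaintext);
    }
    // Proposed shape: AES/GCM/NoPadding takes a 12-byte nonce plus a tag length via
    // GCMParameterSpec; output is ciphertext || 128-bit tag, so no separate MAC is needed.
    static byte[] encryptGcm(SecretKey key, byte[] nonce, byte[] plaintext, byte[] aad) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        c.updateAAD(aad); // bind a header (e.g. a format version) into the tag
        return c.doFinal(plaintext);
    }
    static byte[] decryptGcm(SecretKey key, byte[] nonce, byte[] ciphertext, byte[] aad) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        c.updateAAD(aad);
        return c.doFinal(ciphertext); // throws AEADBadTagException if ciphertext, tag or AAD changed
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256); // raise the 128-bit default key length to 256 bits
        SecretKey key = kg.generateKey();
        byte[] msg = "constructed sample plaintext".getBytes("UTF-8");
        byte[] iv = new byte[16]; rng.nextBytes(iv);
        System.out.println("CBC ciphertext bytes: " + encryptCbc(key, iv, msg).length);
        byte[] nonce = new byte[12]; rng.nextBytes(nonce); // fresh per message; never reuse under one key
        byte[] aad = new byte[] {0x01}; // constructed header byte
        byte[] ct = encryptGcm(key, nonce, msg, aad);
        System.out.println("GCM round trip ok: " + Arrays.equals(msg, decryptGcm(key, nonce, ct, aad)));
        ct[0] ^= 1; // flip one bit: CBC would decrypt to garbage silently, GCM rejects it
        try { decryptGcm(key, nonce, ct, aad); } catch (AEADBadTagException e) { System.out.println("tamper detected"); }
        Mac mac = Mac.getInstance("HmacSHA256"); // replacement for the HmacSHA1 default where a MAC is still needed
        mac.init(KeyGenerator.getInstance("HmacSHA256").generateKey());
        System.out.println("HmacSHA256 tag bytes: " + mac.doFinal(msg).length);
    }
}
```

Because GCM's tag covers the ciphertext and AAD, a migrated CryptoManager would also have to store the nonce and tag alongside the ciphertext, which is why the change is more than a transform-string swap.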