Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-6824

Cannot import symmetric keys on older servers in a mixed version topology

    Details

    • Type: Bug
    • Status: Done
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 7.0.0
    • Fix Version/s: 7.0.0
    • Component/s: upgrade
    • Labels:

      Description

      Upgrading instances with confidentiality enabled using default parameters to 7.0 makes upgraded instances to generate GCM keys (the new default) instead of backward compatible CBC keys.

      In a mixed topology, older servers will replicate the key, but will print error messages about not being able to import it:

      [27/Nov/2019:17:28:39 +0100] category=org.opends.server.crypto.CryptoManagerSync severity=ERROR msgID=-1 msg=Failed to import key entry: CryptoManager cannot initialize Cipher: InvalidAlgorithmParameterException(Unsupported parameter: javax.crypto.spec.IvParameterSpec@ec2166)

       

        Attachments

          Issue Links

          is caused by

          Task - A task that needs to be done. OPENDJ-5949 Review default security parameters (use PBKDF2, stronger cryptomanager settings, etc)

          • Critical - Crashes, loss of data, severe memory leak.
          • Done

            Activity

              People

              • Assignee:
                ondrej.fuchsik Ondrej Fuchsik
                Reporter:
                fabiop Fabio Pistolesi
                Dev Assignee:
                Gaetan Boismal [X] (Inactive)
                QA Assignee:
                Ondrej Fuchsik
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: