Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-6824

Cannot import symmetric keys on older servers in a mixed version topology

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Done
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 7.0.0
    • Fix Version/s: 7.0.0
    • Component/s: upgrade
    • Labels:

      Description

      Upgrading instances with confidentiality enabled using default parameters to 7.0 makes upgraded instances to generate GCM keys (the new default) instead of backward compatible CBC keys.

      In a mixed topology, older servers will replicate the key, but will print error messages about not being able to import it:

      [27/Nov/2019:17:28:39 +0100] category=org.opends.server.crypto.CryptoManagerSync severity=ERROR msgID=-1 msg=Failed to import key entry: CryptoManager cannot initialize Cipher: InvalidAlgorithmParameterException(Unsupported parameter: javax.crypto.spec.IvParameterSpec@ec2166)

       

        Attachments

          Issue Links

          is caused by

          Task - A task that needs to be done. OPENDJ-5949 Review default security parameters (use PBKDF2, stronger cryptomanager settings, etc)

          • Critical - Crashes, loss of data, severe memory leak.
          • Done

            Activity

              People

              Assignee:
              ondrej.fuchsik Ondrej Fuchsik
              Reporter:
              fabiop Fabio Pistolesi
              Dev Assignee:
              Gaetan Boismal [X] Gaetan Boismal [X] (Inactive)
              QA Assignee:
              Ondrej Fuchsik Ondrej Fuchsik
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: