Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Requirement: It MUST be possible to configure the software so that smaller keylengths are completely disabled #988

Closed
UlisesGascon opened this issue May 12, 2023 · 1 comment
Closed

Requirement: It MUST be possible to configure the software so that smaller keylengths are completely disabled #988

UlisesGascon opened this issue May 12, 2023 · 1 comment
Labels
CII-best-practices discussion security-wg-agenda

Comments

@UlisesGascon
Copy link
Member

Original discussion: https://github.com/nodejs/security-wg/pull/954/files#r1179650439
@mhdawson @tniessen @richardlau

The security mechanisms within the software produced by the project MUST use default keylengths that at least meet the NIST minimum requirements through the year 2030 (as stated in 2012). It MUST be possible to configure the software so that smaller keylengths are completely disabled.
@UlisesGascon UlisesGascon mentioned this issue May 12, 2023
Merged
@UlisesGascon UlisesGascon mentioned this issue May 12, 2023
Open
@mhdawson mhdawson mentioned this issue May 22, 2023
Closed
@mhdawson mhdawson mentioned this issue Jun 5, 2023
Closed
@RafaelGSS
Copy link
Member

If someone wants to, they can use custom OpenSSL configurations, custom OpenSSL providers, or even custom dynamically linked OpenSSL builds to "configure" Node.js's crypto module

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
CII-best-practices discussion security-wg-agenda
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@UlisesGascon @RafaelGSS