Ticket #8687 (new defect)
Opened 3 years ago
Weak SSL certificates in notebooks
| Reported by: | sneves | Owned by: | jason, was |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | notebook | Keywords: | |
| Cc: | Work issues: | ||
| Report Upstream: | N/A | Reviewers: | |
| Authors: | Merged in: | ||
| Dependencies: | Stopgaps: |
Description
To generate the certificate required for secure (https) notebooks, openssl is called (in Linux, at least). By default, openssl generates 512bit RSA keys, which are far too weak to be used with any degree of confidence.
The offending code is in the sagenb module, in the run_notebook.py file, line 100. A simple fix is to change the line to:
cmd = % private_pem?
Note: See
TracTickets for help on using
tickets.
