Details

    • Similar Issues:

      Description

      Actually, the master key is encrypted with the size limit of 128bits due to the restriction of old java versions.

      This restriction was lifted in Java 9 and 11, and after JDK8u162.

      To improve security of all secrets in Jenkins, I purpose to increase the limit of this key.

       

      Because all companies has different security policies, it might be nice to let the administrator of Jenkins choose wich algorithm he want to use to encrypt Jenkins secrets. Actually it is hard coded.

       

      Would anyone have any opinion on that?

       

      This improvement can be applied to the credentials-plugin too.

       

      Update : relation with JENKINS-61373

       

        Attachments

          Activity

          There are no comments yet on this issue.

            People

            • Assignee:
              Unassigned
              Reporter:
              mat1e Mathieu Delrocq
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: