Currently the default values for digest and signing algorithms are SHA1 and RSA_SHA1 (respectively). SHA1, however, is deprecated (I suspect due to potential for hash collisions) and we'd like to use SHA256 or better as the default value to encourage an acceptably secure default configuration.
However, there appears to be a SHA1 algo hardcoded somewhere in the python3-saml library for the single-logout flow that breaks using algorithms other than SHA1-based ones.
Tasks
Trace down hardcoded algorithm in python3-saml (we can do this in our fork)
See if we can parametrize or fix this
Make SHA256 the default values
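A check for SHA1-based algorithms in both places the issue touches, the configured defaults and a signed single-logout message, as an added example that is not code from this issue or from python3-saml. It assumes the settings follow python3-saml's `security` section (`signatureAlgorithm`, `digestAlgorithm`) and that logout uses the SAML HTTP-Redirect binding with a `SigAlg` query parameter; the function names and sample values are constructed.

```python
from urllib.parse import parse_qs, urlsplit

# W3C XML-DSig algorithm identifiers that rely on SHA1.
SHA1_URIS = {
    "http://www.w3.org/2000/09/xmldsig#sha1",
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    "http://www.w3.org/2000/09/xmldsig#dsa-sha1",
}


def audit_settings(settings):
    """Return findings for SHA1-based or unset algorithms in a settings dict.

    Assumption: settings["security"] holds "signatureAlgorithm" and
    "digestAlgorithm" as algorithm URIs (python3-saml layout).
    """
    security = settings.get("security", {})
    findings = []
    for key in ("signatureAlgorithm", "digestAlgorithm"):
        value = security.get(key)
        if value is None:
            findings.append(f"{key}: not set, the default applies")
        elif value in SHA1_URIS:
            findings.append(f"{key}: SHA1-based ({value})")
    return findings


def audit_redirect_sigalg(url):
    """Return a finding if a signed HTTP-Redirect message uses a SHA1 SigAlg."""
    query = parse_qs(urlsplit(url).query)  # parse_qs percent-decodes values
    if "Signature" not in query:
        return None  # unsigned message: nothing to check here
    sig_alg = query.get("SigAlg", [None])[0]
    if sig_alg is None:
        return "Signature present but SigAlg missing"
    if sig_alg in SHA1_URIS:
        return f"SigAlg is SHA1-based ({sig_alg})"
    return None


# Constructed sample input (not taken from the issue).
SAMPLE_SETTINGS = {"security": {
    "signatureAlgorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    "digestAlgorithm": "http://www.w3.org/2001/04/xmlenc#sha256",
}}
SAMPLE_SLO_URL = (
    "https://idp.example.test/slo?SAMLRequest=AAAA&RelayState=x"
    "&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1"
    "&Signature=BBBB"
)
```

Running the URL check over logout requests captured in a test environment shows which algorithm is actually used on the wire after the defaults are switched to SHA256.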