We default to using aes-256-cbc as our verification/signing cipher. It can...
We default to using aes-256-cbc as our verification/signing cipher. It can accept key lengths of 128, 192 or 256-bit, whereas currently we were providing twice the acceptable value. ruby < 2.4 allowed accepting these values, as extra key bits were ignored. Since https://github.com/ruby/ruby/commit/ce635262f53b760284d56bb1027baebaaec175d1 this now has a strict checking on key length. Default to key length 32 bytes, to match the compatible length for aes-256-cbc Fixes #25185
Showing
想要评论请 注册 或 登录