Skip to content

Commit

Permalink
Generate hashCAFile with SHA256
Browse files Browse the repository at this point in the history 
In a FIPS environment, it's much easier to switch to SHA256 than it is
to verify and explain that any particular use of MD5 is actually safe
in-context.

Signed-off-by: Nick Thomas <nick@gitlab.com>
  • Loading branch information
Nick Thomas committed Mar 16, 2021
1 parent 3ebd397 commit c1bba9e
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions config/http_config.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ package config

import (
"bytes"
"crypto/md5"
"crypto/sha256"
"crypto/tls"
"crypto/x509"
"fmt"
Expand Down Expand Up @@ -533,7 +533,7 @@ func (t *tlsRoundTripper) getCAWithHash() ([]byte, []byte, error) {
if err != nil {
return nil, nil, err
}
h := md5.Sum(b)
h := sha256.Sum256(b)
return b, h[:], nil

}
Expand Down

0 comments on commit c1bba9e

Please sign in to comment.