Enabling FIPS mode by using sha256 instead of md5
FIPS does not allow md5, some systems like RHEL needs to have FIPS compliance, in order to execute some routines like when try to use keystone-manage. As a general rule, we should avoid using md5 if we can and move over to SHA wherever possible. Change-Id: Icaeb3305c788db2913fe99792ea6311d218b3410 Closes-Bug: #1767024
This commit is contained in:
parent
e74e074c5a
commit
b5dfd8dfde
|
@ -30,8 +30,8 @@ CONF.register_opts(opts, group='audit')
|
|||
|
||||
AUDIT_NS = None
|
||||
if CONF.audit.namespace:
|
||||
md5_hash = hashlib.md5(CONF.audit.namespace.encode('utf-8'))
|
||||
AUDIT_NS = uuid.UUID(md5_hash.hexdigest())
|
||||
sha256_hash = hashlib.sha256(CONF.audit.namespace.encode('utf-8'))
|
||||
AUDIT_NS = uuid.UUID(sha256_hash.hexdigest()[0:32])
|
||||
|
||||
VALID_EXCEPTIONS = ['default', 'initiator', 'observer', 'target']
|
||||
|
||||
|
|
Loading…
Reference in New Issue