lucene-dev mailing list archives

From "Hrishikesh Gadre (JIRA)" <>
Subject [jira] [Commented] (SOLR-9609) Change hard-coded keysize from 512 to 1024
Date Mon, 10 Oct 2016 20:28:20 GMT


Hrishikesh Gadre commented on SOLR-9609:

[~erickerickson] Since this is a cluster-wide (rather than a host- or server-specific) configuration,
I think it should come from security.json rather than a system property. This will also allow
us to make other parameters (e.g. algorithm name etc.) configurable. What do you think?

> Change hard-coded keysize from 512 to 1024
> ------------------------------------------
>                 Key: SOLR-9609
>                 URL:
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public (Default Security Level. Issues are Public)
>            Reporter: Jeremy Martini
>         Attachments: SOLR-9609.patch, SOLR-9609.patch, solr.log
> In order to configure our dataSource without requiring a plaintext password in the configuration
> file, we extended JdbcDataSource to create our own custom implementation. Our dataSource config
> now looks something like this:
> {code:xml}
> <dataSource type="" driver="oracle.jdbc.OracleDriver" url="jdbc:oracle:thin:@db-host-machine:1521:tst1"
>     user="testuser" password="{ENC}{1.1}1ePOfWcbOIU056gKiLTrLw=="/>
> {code}
> We are using the RSA JSAFE Crypto-J libraries for encrypting/decrypting the password.
> However, this seems to cause an issue when we try to use Solr in a Cloud Configuration (using
> Zookeeper). The error is "Strong key gen and multiprime gen require at least 1024-bit keysize."
> Full log attached.
> This seems to be due to the hard-coded value of 512 in the org.apache.solr.util.CryptoKeys$RSAKeyPair
> {code:java}
> public RSAKeyPair() {
>   KeyPairGenerator keyGen = null;
>   try {
>     keyGen = KeyPairGenerator.getInstance("RSA");
>   } catch (NoSuchAlgorithmException e) {
>     throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, e);
>   }
>   keyGen.initialize(512);
> {code}
> I pulled down the Solr code, changed the hard-coded value to 1024, rebuilt it, and now
> everything seems to work great.

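One way to take the key size and algorithm from configuration instead of a literal, as the comment above suggests. This is an added example, not Solr's code or the attached patch; the class name, the setting names `algorithm` and `keySize`, and the 2048-bit default are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.util.Map;

/** Added example, not Solr code: key parameters come from configuration. */
public class ConfigurableKeyPair {
  // Floor taken from the provider error quoted in the issue ("at least 1024-bit keysize").
  static final int MIN_RSA_KEY_SIZE = 1024;
  // Used when the setting is absent; this default is an assumption of the example.
  static final int DEFAULT_KEY_SIZE = 2048;

  /** "algorithm" and "keySize" are hypothetical setting names, not real security.json keys. */
  static KeyPair generate(Map<String, Object> cfg) throws GeneralSecurityException {
    String algorithm = String.valueOf(cfg.getOrDefault("algorithm", "RSA"));
    // A parsed JSON document yields numbers as Number instances.
    int keySize = ((Number) cfg.getOrDefault("keySize", DEFAULT_KEY_SIZE)).intValue();
    // Reject weak sizes up front with a clear message, rather than failing
    // later inside whichever crypto provider happens to be installed.
    if ("RSA".equalsIgnoreCase(algorithm) && keySize < MIN_RSA_KEY_SIZE) {
      throw new IllegalArgumentException(
          "keySize " + keySize + " is below the minimum of " + MIN_RSA_KEY_SIZE);
    }
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance(algorithm);
    keyGen.initialize(keySize);
    return keyGen.generateKeyPair();
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample settings standing in for a parsed cluster-wide config.
    KeyPair kp = generate(Map.of("algorithm", "RSA", "keySize", 2048));
    // Round trip: sign with the private key, verify with the public key.
    byte[] msg = "constructed test message".getBytes(StandardCharsets.UTF_8);
    Signature signer = Signature.getInstance("SHA256withRSA");
    signer.initSign(kp.getPrivate());
    signer.update(msg);
    byte[] sig = signer.sign();
    Signature verifier = Signature.getInstance("SHA256withRSA");
    verifier.initVerify(kp.getPublic());
    verifier.update(msg);
    System.out.println("signature verifies: " + verifier.verify(sig));
    try {
      generate(Map.of("keySize", 512)); // the previously hard-coded value
    } catch (IllegalArgumentException e) {
      System.out.println("rejected: " + e.getMessage());
    }
  }
}
```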