mirror of https://github.com/docker/cli.git
8437cfefae
> Legacy PEM encryption as specified in RFC 1423 is insecure by design. Since
> it does not authenticate the ciphertext, it is vulnerable to padding oracle
> attacks that can let an attacker recover the plaintext
From https://go-review.googlesource.com/c/go/+/264159
> It's unfortunate that we don't implement PKCS#8 encryption so we can't
> recommend an alternative but PEM encryption is so broken that it's worth
> deprecating outright.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| command | ||
| compose | ||
| config | ||
| connhelper | ||
| context | ||
| debug | ||
| flags | ||
| manifest | ||
| registry/client | ||
| streams | ||
| trust | ||
| version | ||
| winresources | ||
| cobra.go | ||
| cobra_test.go | ||
| error.go | ||
| required.go | ||
| required_test.go | ||