jrihtarsic commented on PR #293:
URL:
https://github.com/apache/santuario-xml-security-java/pull/293#issuecomment-2009015198
My suggestion is
To remove
DH("DH", "PKCS #3", KeyAlgorithmType.DH, "1.2.840.113549.1.3.1"),
From KeyType
The Diffie-Hellman key agreement using RSA keys is gradually becoming
obsolete and currently, it is not supported by the xmlsec key agreement method
implementation. I included it there primarily for the sake of completeness,
anticipating that someone might (but not very likely) add support for
Diffie-Hellman in the future.
Beside CodeQL marks it as potentially unsecure:
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
