diff --git a/lib/puppet/provider/ssl_pkey/openssl.rb b/lib/puppet/provider/ssl_pkey/openssl.rb index 8ca7df9..3d241b6 100644 --- a/lib/puppet/provider/ssl_pkey/openssl.rb +++ b/lib/puppet/provider/ssl_pkey/openssl.rb @@ -25,7 +25,7 @@ def self.generate_key(resource) def self.to_pem(resource, key) if resource[:password] - cipher = OpenSSL::Cipher.new('des3') + cipher = OpenSSL::Cipher.new('aes-256-cbc') key.to_pem(cipher, resource[:password]) else key.to_pem diff --git a/spec/unit/puppet/provider/ssl_pkey/openssl_spec.rb b/spec/unit/puppet/provider/ssl_pkey/openssl_spec.rb index 91bd125..dc22dca 100644 --- a/spec/unit/puppet/provider/ssl_pkey/openssl_spec.rb +++ b/spec/unit/puppet/provider/ssl_pkey/openssl_spec.rb @@ -42,7 +42,7 @@ it 'creates with given password' do resource[:password] = '2x$5{' allow(OpenSSL::PKey::RSA).to receive(:new).with(2048).and_return(key) - allow(OpenSSL::Cipher).to receive(:new).with('des3') + expect(OpenSSL::Cipher).to receive(:new).with('aes-256-cbc') expect(File).to receive(:write).with('/tmp/foo.key', kind_of(String)) resource.provider.create end @@ -72,7 +72,7 @@ resource[:authentication] = :rsa resource[:password] = '2x$5{' allow(OpenSSL::PKey::RSA).to receive(:new).with(2048).and_return(key) - allow(OpenSSL::Cipher).to receive(:new).with('des3') + expect(OpenSSL::Cipher).to receive(:new).with('aes-256-cbc') expect(File).to receive(:write).with('/tmp/foo.key', kind_of(String)) resource.provider.create end @@ -102,7 +102,7 @@ resource[:authentication] = :dsa resource[:password] = '2x$5{' allow(OpenSSL::PKey::DSA).to receive(:new).with(2048).and_return(key) - allow(OpenSSL::Cipher).to receive(:new).with('des3') + expect(OpenSSL::Cipher).to receive(:new).with('aes-256-cbc') expect(File).to receive(:write).with('/tmp/foo.key', kind_of(String)) resource.provider.create end @@ -134,7 +134,7 @@ resource[:authentication] = :ec resource[:password] = '2x$5{' allow(OpenSSL::PKey::EC).to receive(:new).with('secp384r1').and_return(key) - allow(OpenSSL::Cipher).to receive(:new).with('des3') + expect(OpenSSL::Cipher).to receive(:new).with('aes-256-cbc') expect(File).to receive(:write).with('/tmp/foo.key', kind_of(String)) resource.provider.create end