PKCS12 default encoder uses LegacyDES (40-bit RC2 + 3DES) #25

New issue

Open

opened 2026-05-17 23:12:51 +02:00 by heiko · 1 comment

heiko commented

2026-05-17 23:12:51 +02:00

Owner

Summary

cmd/cert-proxy-server/pkcs12.go:68-70: the switch compat block catches only "modern"; all other values — including the empty string (the normal case) — fall through to pkcs12.LegacyDES, which uses 40-bit RC2 and 3DES. Both ciphers are broken.

switch compat {
case "modern":
    encoder = pkcs12.Modern2023
default:
    encoder = pkcs12.LegacyDES   // every request without ?pkcs12-compat=modern
}

Impact

Any PKCS12 bundle generated without explicitly passing ?pkcs12-compat=modern is protected only by weak legacy crypto. An attacker with access to the .pfx file can crack the encryption.

Fix

Invert the default: use Modern2023 unless "legacy" is explicitly requested.

## Summary `cmd/cert-proxy-server/pkcs12.go:68-70`: the `switch compat` block catches only `"modern"`; all other values — including the empty string (the normal case) — fall through to `pkcs12.LegacyDES`, which uses 40-bit RC2 and 3DES. Both ciphers are broken. ```go switch compat { case "modern": encoder = pkcs12.Modern2023 default: encoder = pkcs12.LegacyDES // every request without ?pkcs12-compat=modern } ``` ## Impact Any PKCS12 bundle generated without explicitly passing `?pkcs12-compat=modern` is protected only by weak legacy crypto. An attacker with access to the .pfx file can crack the encryption. ## Fix Invert the default: use `Modern2023` unless `"legacy"` is explicitly requested.

heiko added the

security

label

2026-05-17 23:12:51 +02:00

heiko commented

2026-05-22 11:38:22 +02:00

Author

Owner

AI attribution comment added per repository instruction for this open issue.\n\n(co)authored by ai:gpt-5-codex