PBE Iteration Count on PKCS12 Keystores created by EJBCA

2021-04-08
2021-04-12
  • Götz Golla

    Götz Golla - 2021-04-08

    We are using the EJBCA community edition, currently 6.15.2.6. We recently found that the iteration count parameter on the MAC and key algorithms of the pkcs12 keystores created by the EJBCA seems to have changed from 1024 to 102400. This can be seen by, e.g., using "openssl asn1parse" on the p12 keystores.

    The value of 102400 seems to be unreasonably high (the default in openssl is 2048) and in fact leads to performance problems in one of our client applications using a client certificate in pkcs12 format.

    Can it be verified that the iteration count is set by the EJBCA, and that the value was changed with the community edition 6.15.2.6?

    How can we change this parameter in the EJBCA?

    Thanks!
    Götz
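
An added example, not part of the original posts and not EJBCA code: a small Python DER walker that reports the iteration counts the first post reads off with "openssl asn1parse". It assumes DER encoding and the classic PKCS#12 PBE OIDs (1.2.840.113549.1.12.1.x) plus MacData; the helper `tlv` and the sample bytes are constructed for illustration and are not a usable keystore.

```python
# Added example (not EJBCA code): report iteration counts in a DER PKCS#12 blob.
PBE_PREFIX = bytes.fromhex("2a864886f70d010c01")       # OID 1.2.840.113549.1.12.1.*

def tlvs(buf):                                         # DER bytes -> [(tag, value)]
    out, pos = [], 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length == 0x80:
            raise ValueError("indefinite length (BER) not supported")
        if length & 0x80:                              # long-form length
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("truncated or non-DER data")
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def iteration_counts(der):                             # -> [(label, iterations)]
    found = []
    def walk(items):
        for i, (tag, val) in enumerate(items):
            if tag == 0x06 and val.startswith(PBE_PREFIX) and i + 1 < len(items):
                params = tlvs(items[i + 1][1])         # SEQUENCE { salt, iterations }
                label = "1.2.840.113549.1.12.1.%d" % val[-1]
                found.append((label, int.from_bytes(params[1][1], "big")))
            elif tag & 0x20:                           # constructed: recurse
                walk(tlvs(val))
            elif tag == 0x04 and val[:1] == b"\x30":   # OCTET STRING that may wrap DER
                try:
                    walk(tlvs(val))
                except (ValueError, IndexError):
                    pass                               # opaque bytes, e.g. ciphertext
    top = tlvs(tlvs(der)[0][1])                        # PFX { version, authSafe, macData }
    walk(top)
    if len(top) == 3:                                  # macData is optional
        mac = tlvs(top[2][1])                          # { DigestInfo, salt, iterations }
        found.append(("mac", int.from_bytes(mac[2][1], "big") if len(mac) == 3 else 1))
    return found

def tlv(tag, *parts):                                  # sample builder, lengths < 128 only
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

# Constructed skeleton with the layering of a PFX; not a usable keystore.
SALT, ITER = tlv(0x04, b"\x01" * 8), tlv(0x02, (102400).to_bytes(3, "big"))
ALG = tlv(0x30, tlv(0x06, PBE_PREFIX + b"\x03"), tlv(0x30, SALT, ITER))
SAFE = tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0x30, ALG, tlv(0x04, b"\x30\xff" * 8)))))
MAC = tlv(0x30, tlv(0x30, tlv(0x04, b"\x00" * 20)), SALT, ITER)
SAMPLE = tlv(0x30, tlv(0x02, b"\x03"), tlv(0x30, tlv(0xA0, tlv(0x04, SAFE))), MAC)
```

Note that "openssl asn1parse" prints INTEGER values in hexadecimal, so 102400 appears there as 019000 and 1024 as 0400.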

     
  • Götz Golla

    Götz Golla - 2021-04-12

    Since this problem begins to become production critical for us and we need help, I have rewritten the post with some more details in the help section of the forums. This post can thus be ignored.

     
