From 73836fefc0e07e39ca27efe31a101232963864a2 Mon Sep 17 00:00:00 2001 From: "Scott G. Miller" Date: Wed, 13 May 2020 10:18:12 -0500 Subject: [PATCH] Soften the warning language on PKCS #1 v1.5 padding --- website/pages/docs/configuration/seal/pkcs11.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/pages/docs/configuration/seal/pkcs11.mdx b/website/pages/docs/configuration/seal/pkcs11.mdx index 80f19d3fe2a83..686a42adc2be8 100644 --- a/website/pages/docs/configuration/seal/pkcs11.mdx +++ b/website/pages/docs/configuration/seal/pkcs11.mdx @@ -113,7 +113,7 @@ These parameters apply to the `seal` stanza in the Vault configuration file: - `0x0001` `CKM_RSA_PKCS` ~> **Warning**: CKM_RSA_PKCS specifies the PKCS #1 v1.5 padding scheme, which is - subject to several padding oracle attacks. Use of CKM_RSA_PKCS_OAEP is + in general less secure than OAEP. Where possible, use of CKM_RSA_PKCS_OAEP is recommended over CKM_RSA_PKCS.