From 7440bf44baea53de950093ebf9ee4e8a3ed71066 Mon Sep 17 00:00:00 2001
From: Assain
Date: Sat, 3 Jun 2017 01:21:10 +0530
Subject: set message_encryptor default cipher to aes-256-gcm

- Introduce a method to select default cipher, and maintain backward compatibility
---
 railties/lib/rails/application/configuration.rb | 4 ++++
 .../templates/config/initializers/new_framework_defaults_5_2.rb.tt | 4 ++++
 2 files changed, 8 insertions(+)

(limited to 'railties/lib')

diff --git a/railties/lib/rails/application/configuration.rb b/railties/lib/rails/application/configuration.rb
index 4ffde6198a..fb635c6ae8 100644
--- a/railties/lib/rails/application/configuration.rb
+++ b/railties/lib/rails/application/configuration.rb
@@ -92,6 +92,10 @@ module Rails
 action_dispatch.use_authenticated_cookie_encryption = true
 end
 
+ if respond_to?(:active_support)
+ active_support.use_authenticated_message_encryption = true
+ end
+
 else
 raise "Unknown version #{target_version.to_s.inspect}"
 end
diff --git a/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_5_2.rb.tt b/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_5_2.rb.tt
index 900baa607a..3809936f9f 100644
--- a/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_5_2.rb.tt
+++ b/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_5_2.rb.tt
@@ -13,3 +13,7 @@
 # Use AES 256 GCM authenticated encryption for encrypted cookies.
 # Existing cookies will be converted on read then written with the new scheme.
 # Rails.application.config.action_dispatch.use_authenticated_cookie_encryption = true
+
+# Use AES-256-GCM authenticated encryption as default cipher for encrypting messages
+# instead of AES-256-CBC, when use_authenticated_message_encryption is set to true.
+# Rails.application.config.active_support.use_authenticated_message_encryption = true
-- 
cgit v1.2.3
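Review bot: The new `active_support.use_authenticated_message_encryption = true` assignment in configuration.rb carries no comment on what it means for ciphertext that already exists. Going by the commit subject, it switches the default message-encryptor cipher to aes-256-gcm, so an encryptor built without an explicit cipher would presumably stop reading messages written under the old AES-256-CBC default once an app adopts the 5.2 defaults. The template hunk further down states the cookie behaviour ("converted on read") but nothing comparable for messages. I would add above the `if`: `# Changes the default message-encryptor cipher to aes-256-gcm; messages written with the old aes-256-cbc default need that cipher named explicitly to stay readable.` The enclosing method and `case` start outside the hunk, and the Active Support side is not shown in this path-limited patch, so the fallback behaviour should be confirmed there before the comment is worded as fact.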
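Review bot: The added template comment is circular: it says AES-256-GCM is used "when use_authenticated_message_encryption is set to true" directly above the line that sets that very option. Since this initializer is what an upgrading operator reads before flipping the switch, the two comment lines would read better as `# Use AES-256-GCM authenticated encryption as the default cipher for encrypted messages` and `# instead of AES-256-CBC.` Unlike the cookie comment just above it, this one gives no hint about previously encrypted messages; a third comment line stating whether they remain readable would be worth adding once that behaviour is confirmed on the Active Support side.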