Tuesday, February 11, 2014

HTCondor delegates proxies as 512-bit proxies by default

The following announcement from Tony Tiradani applies only to HTCondor sites:

WLCG glexec tests have uncovered an issue with the effective default size of HTCondor delegated proxies.  Sites should be aware that if they allow HTCondor to delegate proxies, the delegated proxies will be 512-bit proxies, even if the original proxy was 1024 bits or greater.

The issue is an incompatibility between 512-bit proxies and OpenSSL versions >= 1.0.1.  Glexec calls and SSL communication will fail.

Sites may disable delegation entirely by inserting the following line into their HTCondor configuration:

DELEGATE_JOB_GSI_CREDENTIALS = False

Alternatively, sites may specify to HTCondor the bit size to use for delegating proxies by inserting the following line into their HTCondor configuration:

GSI_DELEGATION_KEYBITS = 1024

The actual value may be increased.  However, from the HTCondor manual, "Setting the value greater than 4096 is likely to cause long compute times."

Additionally, the default for GSI_DELEGATION_KEYBITS will be changed to 1024 bits in the upcoming HTCondor 8.0.6 release.
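
One way a site could check which case its configuration falls into, as an added example that is not part of the announcement or of HTCondor itself. The function names, status labels and sample configurations are hypothetical, and the parser is a simplified reading of HTCondor configuration (last assignment wins, names are case-insensitive, no macros, includes or line continuations); the defaults it assumes are the pre-8.0.6 ones described above.

```python
import re

# Assumed defaults for releases before 8.0.6, per the announcement:
# delegation is enabled and delegated proxies get 512-bit keys.
DEFAULTS = {"DELEGATE_JOB_GSI_CREDENTIALS": "True", "GSI_DELEGATION_KEYBITS": "512"}
MIN_BITS = 1024  # smallest size the announcement suggests
MAX_BITS = 4096  # manual: larger values are likely to cause long compute times
ASSIGN = re.compile(r"^\s*([A-Za-z_][\w.]*)\s*=\s*(.*?)\s*$")

def effective_settings(config_text):
    """Return the last value assigned to each of the two delegation knobs."""
    settings = dict(DEFAULTS)
    for line in config_text.splitlines():
        if line.lstrip().startswith("#"):  # comment line, ignore
            continue
        m = ASSIGN.match(line)
        if m and m.group(1).upper() in settings:  # names are case-insensitive
            settings[m.group(1).upper()] = m.group(2)
    return settings

def audit_delegation(config_text):
    """Classify the delegation setup as (status, keybits or None)."""
    s = effective_settings(config_text)
    if s["DELEGATE_JOB_GSI_CREDENTIALS"].lower() == "false":
        return ("delegation-disabled", None)
    try:
        bits = int(s["GSI_DELEGATION_KEYBITS"])
    except ValueError:
        return ("unparseable-keybits", None)
    if bits < MIN_BITS:
        return ("weak-key", bits)  # fails against OpenSSL >= 1.0.1
    if bits > MAX_BITS:
        return ("slow-key", bits)
    return ("ok", bits)

# Constructed sample configurations (not taken from a real site).
SAMPLES = {
    "untouched": "# site config\nCONDOR_HOST = cm.example.org\n",
    "disabled": "DELEGATE_JOB_GSI_CREDENTIALS = False\n",
    "fixed": "GSI_DELEGATION_KEYBITS = 512\ngsi_delegation_keybits = 1024\n",
    "oversized": "GSI_DELEGATION_KEYBITS = 8192\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, audit_delegation(text))
```

On a live host, the value HTCondor actually resolves can be read with condor_config_val GSI_DELEGATION_KEYBITS and compared against the same thresholds.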