Change pcks12 usage to modern ciphers #561

Open
wants to merge 1 commit into
base: master

devbeard

Why

Using mkcert to create P12/PFX for use in nodejs >= 17 causes issues because of the deprecated RC2 usage. Upgrading https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 to the latest version and using the Modern encoder (which currently points to Modern2023 encoder settings) fixes the issue, for example issue #496.

var Modern2023 = &Encoder{
	macAlgorithm:         oidSHA256,
	certAlgorithm:        oidPBES2,
	keyAlgorithm:         oidPBES2,
	macIterations:        2048,
	encryptionIterations: 2048,
	saltLen:              16,
	rand:                 rand.Reader,
}

Relevant links

These are the changes between current 0.2.0 and targeted 0.4.0: SSLMate/go-pkcs12@v0.2.0...v0.4.0

The most relevant commit is: SSLMate/go-pkcs12@b473b00 (18th July 2023)

Verifying

Before change:

$ openssl version
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)

$ openssl pkcs12 -info -in localhost.p12 -noout
Enter Import Password:
MAC: sha1, Iteration 1
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Error outputting keys and certificates
40D741DADD7F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:../crypto/evp/evp_fetch.c:349:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()

After change:

$ openssl version
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)

$ openssl pkcs12 -info -in localhost.p12 -noout
Enter Import Password:
MAC: sha256, Iteration 2048
MAC length: 32, salt length: 16
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Certificate bag
Certificate bag
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
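
The before/after check from the Verifying section, turned into a repeatable test. This is an added example, not part of the pull request or of mkcert: a shell function that reads openssl pkcs12 -info output and fails when it sees the legacy settings. The function name audit_p12_info and the MIN_ITER variable are hypothetical; the two sample inputs are taken from the outputs quoted in the description.

```shell
#!/bin/sh
# Added example, not mkcert code. Reads the text printed by
#   openssl pkcs12 -info -in FILE -noout 2>&1
# on stdin, prints one line per finding, and returns 1 if any is found.
# MIN_ITER (assumed default 2048, the Modern2023 value quoted above) is a
# hypothetical knob for the lowest acceptable MAC iteration count.
audit_p12_info() {
    awk -v min_iter="${MIN_ITER:-2048}" '
    /^MAC: / {                         # e.g. "MAC: sha1, Iteration 1"
        seen = 1
        alg = $2; sub(/,$/, "", alg)
        iter = $NF + 0
        if (alg == "sha1" || alg == "md5") { print "legacy MAC digest: " alg; bad = 1 }
        if (iter < min_iter) { print "low MAC iteration count: " iter; bad = 1 }
        next
    }
    /^PKCS7 Encrypted data: / || /^Shrouded Keybag: / {
        seen = 1
        if ($0 !~ /PBES2/) {           # not PBES2: report the scheme as legacy
            sub(/^[^:]*: /, ""); sub(/, Iteration.*/, "")
            print "legacy encryption scheme: " $0; bad = 1
        }
    }
    END {
        # Empty or unrelated input must not pass as a clean file.
        if (!seen) { print "no PKCS#12 info lines on input"; bad = 1 }
        exit bad + 0
    }'
}

# Sample inputs: lines from the two openssl outputs shown in the PR description.
LEGACY_SAMPLE='MAC: sha1, Iteration 1
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Error outputting keys and certificates'

MODERN_SAMPLE='MAC: sha256, Iteration 2048
MAC length: 32, salt length: 16
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Certificate bag
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256'

for name in LEGACY_SAMPLE MODERN_SAMPLE; do
    eval "text=\$$name"
    if printf '%s\n' "$text" | audit_p12_info; then echo "$name: ok"; else echo "$name: FAIL"; fi
done
```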
