]> andersk Git - test.git/commitdiff
andersk / test.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 28ff61e)
Use 2048-bit RSA keys for auto-generated certificates. shellinabox
authorJay Weisskopf <jay@jayschwa.net>
Thu, 2 Feb 2012 06:11:13 +0000 (00:11 -0600)
committerJay Weisskopf <jay@jayschwa.net>
Thu, 2 Feb 2012 06:11:13 +0000 (00:11 -0600)
Security researchers have recommended moving away from 1024-bit
keys for a few years now.

libhttp/ssl.c patch | blob | blame | history

diff --git a/libhttp/ssl.c b/libhttp/ssl.c
index ba9213335fa7c9825d97991154c04fce12870523..f9cb37f1beea61b4d33c2a4d3bbbcb2b797ec9df 100755 (executable)
--- a/libhttp/ssl.c
+++ b/libhttp/ssl.c
@@ -364,7 +364,7 @@ static void sslGenerateCertificate(const char *certificate,
     umask(077);
     check(setenv("PATH", "/usr/bin:/usr/sbin", 1) == 0);
     execlp("openssl", "openssl", "req", "-x509", "-nodes", "-days", "7300",
-           "-newkey", "rsa:1024", "-keyout", certificate, "-out", certificate,
+           "-newkey", "rsa:2048", "-keyout", certificate, "-out", certificate,
            "-subj", stringPrintf(NULL, "/CN=%s/", serverName),
            (char *)NULL);
     check(0);
Just for testing
This page took 0.038941 seconds and 5 git commands to generate.