[Bug 199379] [PATCH] Update SSL key generation to today's standards.
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sat Apr 11 14:50:29 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199379
Bug ID: 199379
Summary: [PATCH] Update SSL key generation to today's
standards.
Product: Documentation
Version: Latest
Hardware: Any
OS: Any
Status: New
Keywords: patch
Severity: Affects Only Me
Priority: ---
Component: Documentation
Assignee: freebsd-doc at FreeBSD.org
Reporter: roland at micite.net
Keywords: patch
Created attachment 155478
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=155478&action=edit
Patch for openssl chapter in handbook.
The current SSL key generation chapter contains a few inaccuracies and
the generated keys are not up to date with today's standards.
This patch shows how to generate secure keys and includes a good place for more
information, namely the openssl cookbook.
Mainly:
- Use RSA for key generation, instead of DSA.
- Fix documentation that lied about generation an RSA key while it actually was
DSA.
- Use SHA256 for signatures instead of older SHA1:
http://blog.chromium.org/2014/09/gradually-sunsetting-sha-1.html
- Use recommended 2048 bits instead of 1024.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-doc
mailing list