[Bug 199379] [PATCH] Update SSL key generation to today's standards.
Roland van Laar
roland at micite.net
Mon Jun 8 20:58:57 UTC 2015
Hello,
I submitted this patch almost 2 months back.
It is a patch to help FreeBSD users generate secure SSL keys.
What can I do to get this patch excepted?
Regards,
Roland
On 11-04-15 16:50, bugzilla-noreply at freebsd.org wrote:
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199379
>
> Bug ID: 199379
> Summary: [PATCH] Update SSL key generation to today's
> standards.
> Product: Documentation
> Version: Latest
> Hardware: Any
> OS: Any
> Status: New
> Keywords: patch
> Severity: Affects Only Me
> Priority: ---
> Component: Documentation
> Assignee: freebsd-doc at FreeBSD.org
> Reporter: roland at micite.net
> Keywords: patch
>
> Created attachment 155478
> --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=155478&action=edit
> Patch for openssl chapter in handbook.
>
> The current SSL key generation chapter contains a few inaccuracies and
> the generated keys are not up to date with today's standards.
>
> This patch shows how to generate secure keys and includes a good place for more
> information, namely the openssl cookbook.
>
> Mainly:
>
> - Use RSA for key generation, instead of DSA.
> - Fix documentation that lied about generation an RSA key while it actually was
> DSA.
> - Use SHA256 for signatures instead of older SHA1:
> http://blog.chromium.org/2014/09/gradually-sunsetting-sha-1.html
> - Use recommended 2048 bits instead of 1024.
>
More information about the freebsd-doc
mailing list