Increase the default RSA key size to 2048

pull/48/head
Soner Tari 5 years ago
parent 0d5af14325
commit dabc9c7b20

@ -80,7 +80,7 @@
* OpenSSL security level of 2+ does not accept key size of 1024 bits, giving
* a "key too small" error while loading forged cert into SSL ctx.
*/
#define DFLT_LEAFKEY_RSABITS 1024
#define DFLT_LEAFKEY_RSABITS 2048
#endif /* !DEFAULTS_H */

@ -93,8 +93,8 @@ CAKey /etc/sslproxy/ca.key
#Ciphers MEDIUM:HIGH
# Leaf key RSA keysize in bits, use 1024|2048|3072|4096.
# (default: 1024)
#LeafKeyRSABits 1024
# (default: 2048)
#LeafKeyRSABits 2048
# OpenSSL engine to activate, either ID or full path to shared library
# Equivalent to -x command line option

@ -141,7 +141,7 @@ Default: ALL:-aNULL
\fBLeafKeyRSABits NUMBER\fR
Leaf key RSA keysize in bits, use 1024|2048|3072|4096.
.br
Default: 1024
Default: 2048
.TP
\fBOpenSSLEngine STRING\fR
The OpenSSL engine to activate. Equivalent to -x command line option.

Loading…
Cancel
Save