diff options
| author | David Walser <luigiwalser@yahoo.com> | 2015-04-01 17:25:15 +0100 |
|---|---|---|
| committer | Colin Guthrie <colin@mageia.org> | 2015-04-01 17:25:58 +0100 |
| commit | 971938e7043cbbc877039cb75009033cc0bc967f (patch) | |
| tree | f8f816e3000cafa2f3d8e37fcf01a7921fc3899b | |
| parent | f138359d05d72fb6aeb209c365b379970f0d55d7 (diff) | |
| download | rpm-helper-971938e7043cbbc877039cb75009033cc0bc967f.tar rpm-helper-971938e7043cbbc877039cb75009033cc0bc967f.tar.gz rpm-helper-971938e7043cbbc877039cb75009033cc0bc967f.tar.bz2 rpm-helper-971938e7043cbbc877039cb75009033cc0bc967f.tar.xz rpm-helper-971938e7043cbbc877039cb75009033cc0bc967f.zip | |
ssl: Change default key length to 2048.
Various browsers and other clients are dropping support for 1024-SSL
certificates so we should not generate them by default.
mga#15576
| -rw-r--r-- | NEWS | 2 | ||||
| -rwxr-xr-x | create-ssl-certificate | 2 | ||||
| -rw-r--r-- | ssl | 2 |
3 files changed, 4 insertions, 2 deletions
@@ -1,3 +1,5 @@ + * default SSL certificates to 2048-bit (mga#15576) + 2014-10-28 Colin Guthrie <colin@mageia.org> 0.24.16 * deal with xinetd.d services properly (e.g. sane mga#14397) diff --git a/create-ssl-certificate b/create-ssl-certificate index 954f187..599719b 100755 --- a/create-ssl-certificate +++ b/create-ssl-certificate @@ -22,7 +22,7 @@ fi if [ ! -f /etc/pki/tls/private/$srv.pem ]; then # default values host=$(hostname) - KEY_LENGTH=1024 + KEY_LENGTH=2048 CERT_DAYS=365 EMAIL_ADDRESS=root@$host COMMON_NAME=$host @@ -1,7 +1,7 @@ # configuration file for create-ssl-certificate rpm scriptlet # key length -KEY_LENGTH=1024 +KEY_LENGTH=2048 # certificate duration CERT_DAYS=365 |