From 971938e7043cbbc877039cb75009033cc0bc967f Mon Sep 17 00:00:00 2001
From: David Walser <luigiwalser@yahoo.com>
Date: Wed, 1 Apr 2015 17:25:15 +0100
Subject: ssl: Change default key length to 2048.

Various browsers and other clients are dropping support for 1024-SSL
certificates so we should not generate them by default.

mga#15576
---
 NEWS                   | 2 ++
 create-ssl-certificate | 2 +-
 ssl                    | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index 4d133eb..9735173 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,5 @@
+ * default SSL certificates to 2048-bit (mga#15576)
+
 2014-10-28 Colin Guthrie <colin@mageia.org> 0.24.16
 	* deal with xinetd.d services properly (e.g. sane mga#14397)
 
diff --git a/create-ssl-certificate b/create-ssl-certificate
index 954f187..599719b 100755
--- a/create-ssl-certificate
+++ b/create-ssl-certificate
@@ -22,7 +22,7 @@ fi
 if [ ! -f /etc/pki/tls/private/$srv.pem ]; then 
     # default values
     host=$(hostname)
-    KEY_LENGTH=1024
+    KEY_LENGTH=2048
     CERT_DAYS=365
     EMAIL_ADDRESS=root@$host
     COMMON_NAME=$host
diff --git a/ssl b/ssl
index 9e03c04..9df9ae7 100644
--- a/ssl
+++ b/ssl
@@ -1,7 +1,7 @@
 # configuration file for create-ssl-certificate rpm scriptlet
 
 # key length
-KEY_LENGTH=1024
+KEY_LENGTH=2048
 
 # certificate duration
 CERT_DAYS=365
-- 
cgit v1.2.1