Project

General

Profile

Actions
Copy link

Feature #1858

closed

default SSL-cert should at least use 2048 bit RSA-keys

Added by Michal Fresel over 13 years ago. Updated almost 10 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
09/08/2011
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:

Description

after installing a new box the system-SSL-cert should default to 2048 or even 4096 bit RSA-keys

current: RSA - 1024 bit

expected: >= 2048 bit

TODO: change in /etc/ssl/openssl.cnf 

default_bits = 2048

maybe we want to change it even to be 4096?
#paranoiasmile# :)

further reading:
Mozilla: Dates for Phasing out MD5-based signatures and 1024-bit moduli
Microsoft: A Note on Implementation of the Requirement to Issue Longer Key Length Certificates

Actions
Copy link
 #1

Updated by Michal Fresel over 13 years ago

key-sizes above 8192 will not work on Safari (Mac OS X)

Actions
Copy link
 #2

Updated by Jim Pingle over 13 years ago

  • Tracker changed from Bug to Feature
Actions
Copy link
 #3

Updated by Chris Buechler almost 10 years ago

  • Status changed from New to Resolved

this was done quite some time ago

Actions
Copy link

Also available in: Atom PDF