Project

General

Profile

« Previous | Next » 

Revision dbcc45d1

Added by Phil Davis almost 9 years ago

Backport Add missing recommended key lengths/digest to Cert system

Original pull request to master was #2944

View differences:

src/etc/inc/certs.inc
57 57 
require_once("functions.inc");
58 58 

  		




  59
  59
  
    
global $openssl_digest_algs;


  		




  60
  
  
    
$openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512");


  		




  
  60
  
    
$openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512", "whirlpool");


  		




  61
  61
  
    

  		




  62
  62
  
    
global $openssl_crl_status;


  		




  63
  63
  
    
$openssl_crl_status = array(


  		












  

    
      src/usr/local/www/system_camanager.php
    
  





  67
  67
  
    
	"internal" => gettext("Create an internal Certificate Authority"),


  		




  68
  68
  
    
	"intermediate" => gettext("Create an intermediate Certificate Authority"));


  		




  69
  69
  
    

  		




  70
  
  
    
$ca_keylens = array("512", "1024", "2048", "4096");


  		




  71
  
  
    
$openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512");


  		




  
  70
  
    
$ca_keylens = array("512", "1024", "2048", "3072", "4096", "7680", "8192", "15360", "16384");


  		




  
  71
  
    
$openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512", "whirlpool");


  		




  72
  72
  
    

  		




  73
  73
  
    
if (is_numericint($_GET['id'])) {


  		




  74
  74
  
    
	$id = $_GET['id'];


  		












  

    
      src/usr/local/www/system_certmanager.php
    
  





  68
  68
  
    
	"external" => gettext("Create a Certificate Signing Request"),


  		




  69
  69
  
    
);


  		




  70
  70
  
    

  		




  71
  
  
    
$cert_keylens = array("512", "1024", "2048", "4096");


  		




  
  71
  
    
$cert_keylens = array("512", "1024", "2048", "3072", "4096", "7680", "8192", "15360", "16384");


  		




  72
  72
  
    
$cert_types = array(


  		




  73
  73
  
    
	"server" => "Server Certificate",


  		




  74
  74
  
    
	"user" => "User Certificate");


  		




  75
  75
  
    

  		




  76
  76
  
    
$altname_types = array("DNS", "IP", "email", "URI");


  		




  77
  
  
    
$openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512");


  		




  
  77
  
    
$openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512", "whirlpool");


  		




  78
  78
  
    

  		




  79
  79
  
    
if (is_numericint($_GET['userid'])) {


  		




  80
  80
  
    
	$userid = $_GET['userid'];


  		












  

    
      src/usr/local/www/system_usermanager.php
    
  





  921
  921
  
    
					512 => '512 bits',


  		




  922
  922
  
    
					1024 => '1024 bits',


  		




  923
  923
  
    
					2048 => '2048 bits',


  		




  
  924
  
    
					3072 => '3072 bits',


  		




  924
  925
  
    
					4096 => '4096 bits',


  		




  
  926
  
    
					7680 => '7680 bits',


  		




  
  927
  
    
					8192 => '8192 bits',


  		




  
  928
  
    
					15360 => '15360 bits',


  		




  
  929
  
    
					16384 => '16384 bits'


  		




  925
  930
  
    
				)


  		




  926
  
  
    
			));


  		




  
  931
  
    
			))->setHelp('The larger the key, the more security it offers, but larger keys take considerably more time to generate, and take slightly longer to validate leading to a slight slowdown in setting up new sessions (not always noticeable). As of 2016, 2048 bit is the minimum and most common selection and 4096 is the maximum in common use. For more information see <a href="https://keylength.com">keylength.com</a>.');


  		




  927
  932
  
    

  		




  928
  933
  
    
			$section->addInput(new Form_Input(


  		




  929
  934
  
    
				'lifetime',


  		












Also available in:  Unified diff