Date: Sat, 11 Apr 2015 14:50:29 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-doc@FreeBSD.org Subject: [Bug 199379] [PATCH] Update SSL key generation to today's standards. Message-ID: <bug-199379-9@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199379 Bug ID: 199379 Summary: [PATCH] Update SSL key generation to today's standards. Product: Documentation Version: Latest Hardware: Any OS: Any Status: New Keywords: patch Severity: Affects Only Me Priority: --- Component: Documentation Assignee: freebsd-doc@FreeBSD.org Reporter: roland@micite.net Keywords: patch Created attachment 155478 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=155478&action=edit Patch for openssl chapter in handbook. The current SSL key generation chapter contains a few inaccuracies and the generated keys are not up to date with today's standards. This patch shows how to generate secure keys and includes a good place for more information, namely the openssl cookbook. Mainly: - Use RSA for key generation, instead of DSA. - Fix documentation that lied about generation an RSA key while it actually was DSA. - Use SHA256 for signatures instead of older SHA1: http://blog.chromium.org/2014/09/gradually-sunsetting-sha-1.html - Use recommended 2048 bits instead of 1024. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-199379-9>