Given the current state of the art, a 4K RSA is not a security flaw. Maybe in the future it will be, but not now. And it's not a serious flaw, because you are changing the source code on one side and expecting the other side to work without similar changes.
Saying "1-2 seconds is not a lot for the handshake" is naïve. It is quite a lot if that server handles 1000 connections per second. :)
Changing OpenSSL so that the maximum keysize can be specified at run-time is a nice enhancement. It's not on anyone's plate at the moment, so if you have time a patch would be useful.
I understand the GNU philosophy of no arbitrary limits. But keysize isn't the same thing as line-length, and other factors such as CPU cost must be considered.
I recommend you close this as WONTFIX.
--
Senior Architect, Akamai Technologies
IM: richs...@jabber.at Twitter: RichSalz