[Bug 199379] [PATCH] Update SSL key generation to today's standards.

bugzilla-noreply Sat, 11 Apr 2015 07:50:51 -0700

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199379


            Bug ID: 199379
           Summary: [PATCH] Update SSL key generation to today's
                    standards.
           Product: Documentation
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Keywords: patch
          Severity: Affects Only Me
          Priority: ---
         Component: Documentation
          Assignee: [email protected]
          Reporter: [email protected]
          Keywords: patch

Created attachment 155478
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=155478&action=edit
Patch for openssl chapter in handbook.

The current SSL key generation chapter contains a few inaccuracies and 
the generated keys are not up to date with today's standards.

This patch shows how to generate secure keys and includes a good place for more
information, namely the openssl cookbook.

Mainly: 

- Use RSA for key generation, instead of DSA. 
- Fix documentation that lied about generation an RSA key while it actually was
DSA. 
- Use SHA256 for signatures instead of older SHA1:
http://blog.chromium.org/2014/09/gradually-sunsetting-sha-1.html
- Use recommended 2048 bits instead of 1024.

-- 
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-doc
To unsubscribe, send any mail to "[email protected]"

[Bug 199379] [PATCH] Update SSL key generation to today's standards.

Reply via email to