On Mon, May 09, 2016 at 06:57:52PM +0200, arrowscr...@mail.com wrote: > It's great to see OpenBSD Project supporting Let's Encrypt. I don't > know if you folks still configuring it, but there's some points > that I noticed: > - I don't know in modern browsers, but Links 2.12 say that the > certificate is not valid. It's just old browsers, or firefox also > have this same problem?
Works for me with Lynx on -current and 5.8. > - The RSA is 4096 bits. If I remember correctly, reyk@ said once > that 4096 is overkill. Any specific reason to use 4096 instead of > 2048? Let's Encrypt uses 4096. > - Do you plan to support ftp.openbsd.org? Would be great to > download packages with more security You only need to check the signify keys using https (https://www.openbsd.org/59.html). I don't see how TLS is going to add "more security" to the download sites. -- Juan Francisco Cantero Hurtado http://juanfra.info
