The current default openssl.cnf appears to have default_bits = 1024:

http://cvs.openssl.org/fileview?f=openssl/apps/openssl.cnf&v=1.23.4.6

However, NIST has recommended avoiding reliance on 1024-bit RSA keys after 2010. See pages 63-66 of:

http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf

Please change default_bits in the stock openssl.cnf to 2048, or include some clear justification for why the tool defaults to creating a deprecated keysize.

Thanks,

--dkg
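An added example, not part of the message above and not OpenSSL project code: a small audit that scans openssl.cnf-style text for every `default_bits` setting and flags values below 2048. The sample configuration, section names other than `req`, and the function names are constructed for illustration; comment stripping assumes `#` does not appear inside a value.

```python
import re

MIN_RSA_BITS = 2048  # threshold requested in the message above

# Constructed sample in openssl.cnf syntax (not the project's actual file).
SAMPLE_CNF = """\
HOME = .
[ req ]
default_bits = 1024   # weak default
default_keyfile = privkey.pem
[ req_strong ]
default_bits=2048
[ req_indirect ]
default_bits = $ENV::BITS
"""

SECTION_RE = re.compile(r"^\[\s*([^\]]+?)\s*\]$")

def find_default_bits(text):
    """Return [(section, lineno, raw_value)] for every default_bits setting."""
    section, found = "default", []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip() == "default_bits":
            found.append((section, lineno, value.strip()))
    return found

def audit(text, minimum=MIN_RSA_BITS):
    """Return [(section, lineno, value, verdict)] for each setting found."""
    results = []
    for section, lineno, value in find_default_bits(text):
        if not value.isdigit():
            verdict = "unresolved"  # e.g. $ENV:: expansion; review by hand
        elif int(value) < minimum:
            verdict = "weak"
        else:
            verdict = "ok"
        results.append((section, lineno, value, verdict))
    return results

if __name__ == "__main__":
    for finding in audit(SAMPLE_CNF):
        print(*finding)
```

Settings reported as `unresolved` depend on variable expansion at run time, so the effective key size has to be confirmed in the environment where `openssl req` is invoked.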
