On Thu, May 19, 2011 at 5:44 AM, Tim Watts <t...@dionic.net> wrote: > Hi folks, > > I'm setting up a new CA/SSL infrastructure for work - the CA is self signed > and all SSL certs (mostly server certs rather than client certs) will be > signed off against this CA. > > I've just made the effort to try to actually understand SSL a bit better > rather than monkey churning brokens certs out - so I'd really value a quick > eyeball of my config and some text dumps of sample certs if anyone has a mo. > > Revocation crl would be published in this example at: > > http://www.example.com/ssl/CA-example.com.crl > > I do apologise - it's a long post. I'm just not totally sure if I have the > correct attributes and extensions - and whether it meets the requirements of > a v3 SSL cert (I think it does). Is 4096 bit key and sha1 a good choice? > > And is the revocation bit done correctly (assuming I actually maintain a CRL > from openssl ca -gencrl at the url above? > > > [SNIP]
> I'm setting up a new CA/SSL infrastructure for work > ... > and whether it meets the requirements of a v3 SSL cert > (I think it does). Is 4096 bit key and sha1 a good choice? SHA-1 is not a good choice here. You are exceeding 128 bits of security with the 4096 key, but only offering ~50 bits of security for authentication (SHA has an ideal level of 80 bits, but it has been reduced). You would probably want to use SHA-256. As an attacker, would you try to factor the modulus (which should take over 2^128 work, or swap in a key and sign it as the CA (at a cost of 2^50)? Jeff ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
