On Fri, Aug 10, 2018 at 02:02:51PM +0200, Maxime Coquelin wrote: > > > On 08/09/2018 08:01 PM, Timothy Redaelli wrote: > >Currently, 1024-bit RSA keys are generated for OVS tests, are suggested in > >ovn-architecture manpage examples and are used to generate the RSA keys > >inside > >the sandbox (make sandbox), but OpenSSL documentation suggests to use at > >least > >2048-bit keys, since "fewer amount of bits is considered insecure or to be > >insecure pretty soon" [1]. > > > >Moreover, it's not currently possible to use OVS with 1024-bit keys (and > >some SSL-related tests fail for this reason) on Fedora 29 when the FUTURE > >crypto policies are enabled [2]. FUTURE crypto policies will become the > >DEFAULT soon on Fedora Rawhide. > > > >[1] https://github.com/openssl/openssl/blob/master/doc/HOWTO/keys.txt > >[2] https://fedoraproject.org/wiki/Changes/CryptoSettings > > > >Timothy Redaelli (3): > > tests: Use the default key length when generating RSA keys > > ovn-architecture: Use the default key length in examples > > ovs-sandbox: Generate the SSL keys using the default key length > > > > ovn/ovn-architecture.7.xml | 2 +- > > tests/ovs-vsctl.at | 4 ++-- > > tests/ovsdb-rbac.at | 8 ++++---- > > tutorial/ovs-sandbox | 8 ++++---- > > 4 files changed, 11 insertions(+), 11 deletions(-) > > > > Tested-by: Maxime Coquelin <maxime.coque...@redhat.com>
Thanks, Timothy and Maxime. I applied this series to master. _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev