New submission from Christian Heimes <li...@cheimes.de>:
In bug #34399, I updated all RSA keys to 2048. However that not sufficient for future proof settings. Fedora's FUTURE crypto policy requires 3072bit RSA keys. Further more, I forgot to update the signature algorithm, too. * RSA >= 3072bits * finite field DH >= 3072bits * signature algorithm with SHA2-256 or SHA2-384 PKCSv1 #1.5 (I don't think RSASSA-PSS works with OpenSSL 1.0.2 or TLS < 1.0) ---------- assignee: christian.heimes components: SSL messages: 324324 nosy: alex, christian.heimes, dstufft, janssen priority: normal severity: normal stage: test needed status: open title: [TLS] Update test certs to future proof settings type: behavior versions: Python 2.7, Python 3.6, Python 3.7, Python 3.8 _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue34542> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
