This likely depends on the crypto policies set. And yes 1024 is probably no longer allowed.
You can try: update-crypto-policies --set LEGACY but better to generate new stronger keys.

Paul

Sent using a virtual keyboard on a phone

> On Jan 8, 2024, at 12:38, Praveen Chavan <[email protected]> wrote:
>
> Hi,
>
> I am using Oracle Linux 9 based libreswan packages along with nss-tools for
> certificate based authentication for IPsec.
>
> Has there been a change in libreswan or nss-tools ( that you might be aware
> of ) to restrict RSA key length 1024?
>
> I noticed this error with RSA key size 1024.
> NSS: RSA DSS sign function failed: SEC_ERROR_OUTPUT_LEN: security library:
> output length error.
>
> libreswan-4.6-3.0.1.el9_1.1.x86_64.rpm, nss-tools-3.71.0-7.el9.x86_64.rpm:
> RSA key 1024 works
> libreswan-4.12-1.0.1.el9.x86_64.rpm, nss-tools-3.71.0-7.el9.x86_64.rpm:
> RSA key 1024 - Failed with above shown NSS error
>
> Any insights on this error will be helpful!
>
> Thanks,
> Praveen
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
