On Tue, Jun 9, 2020 at 10:23 AM Paul-Erik Törrönen <poltsi(a)poltsi.fi> wrote:
On 2020-06-08 08:58, Yedidyah Bar David wrote:
> I agree it's not detailed enough.
> We have it briefly mentioned e.g. here:
> For some reason it's marked "Optional", not sure why.
I think it should also be pointed out that only certain keys are
You can't eg. have a ed25519-only setup as the installation tries to use
Thanks for this comment. Added a note for you on Wart's bug 1845271.
Do you think this is a significant limitation?
In theory, it should not be too hard to make the engine's PKI code
more flexible, allowing configuring it to use whatever algorithms
both openssl/m2crypto and Java support, but in reality this was never
requested. Only relevant change I recall was the request to change
from hash algo SHA1 to SHA256, several years ago (which we did, then,
unconditionally, still hardcoding sha256 in several places).
Thanks and best regards,