[Kimchi-devel] [PATCH] Changes to use 2048 bit public key for self-signed certificate
Mark Wu
wudxw at linux.vnet.ibm.com
Fri Apr 25 03:14:35 UTC 2014
After 1/1/2014, 1024 bit keys are no longer considered secure enough
and may not be supported by all browsers. So changes to use 2048 bit
public key.
See Appendix A in this document:
https://www.cabforum.org/Baseline_Requirements_V1.pdf
Signed-off-by: Mark Wu <wudxw at linux.vnet.ibm.com>
---
src/kimchi/sslcert.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/kimchi/sslcert.py b/src/kimchi/sslcert.py
index 37b4961..1ca8502 100644
--- a/src/kimchi/sslcert.py
+++ b/src/kimchi/sslcert.py
@@ -39,7 +39,7 @@ class SSLCert(object):
self.cert = X509.X509()
pubkey = EVP.PKey()
- rsa = RSA.gen_key(1024, 65537, keygen_cb)
+ rsa = RSA.gen_key(2048, 65537, keygen_cb)
pubkey.assign_rsa(rsa)
self._key = rsa.as_pem(None, callback=passphrase_cb)
rsa = None
--
1.8.4.2
More information about the Kimchi-devel
mailing list