From 9cff326327fbadc0a6b6735dada69701518e4acb Mon Sep 17 00:00:00 2001
From: Jay Weisskopf
Date: Thu, 2 Feb 2012 00:11:13 -0600
Subject: [PATCH] Use 2048-bit RSA keys for auto-generated certificates.

Security researchers have recommended moving away from 1024-bit keys for a few years now.
---
 libhttp/ssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libhttp/ssl.c b/libhttp/ssl.c
index ba92133..f9cb37f 100755
--- a/libhttp/ssl.c
+++ b/libhttp/ssl.c
@@ -364,7 +364,7 @@ static void sslGenerateCertificate(const char *certificate,
 umask(077);
 check(setenv("PATH", "/usr/bin:/usr/sbin", 1) == 0);
 execlp("openssl", "openssl", "req", "-x509", "-nodes", "-days", "7300",
- "-newkey", "rsa:1024", "-keyout", certificate, "-out", certificate,
+ "-newkey", "rsa:2048", "-keyout", certificate, "-out", certificate,
 "-subj", stringPrintf(NULL, "/CN=%s/", serverName),
 (char *)NULL);
 check(0);
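Review bot: The `openssl req` call in this hunk still leaves the signature digest to the local OpenSSL default, so on older installations the new 2048-bit key may be signed with a weaker hash than the key size suggests. Adding `"-sha256",` after `"-nodes",` would make the generated certificate independent of the local `openssl.cnf`. The same argument list keeps `"-days", "7300"`, so the certificate stays valid for roughly twenty years; that deserves either a shorter lifetime or a comment such as `/* self-signed fallback certificate, long-lived by design; replace with a CA-issued one in production */`. Certificates already generated with 1024-bit keys are presumably left in place, since only the generation path changes here. sslGenerateCertificate begins and ends outside the hunk.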