Use 2048-bit RSA keys for auto-generated certificates.
Security researchers have recommended moving away from 1024-bit keys for a few years now.
This commit is contained in:
parent
85c3a03aec
commit
9cff326327
1 changed files with 1 additions and 1 deletions
|
@ -364,7 +364,7 @@ static void sslGenerateCertificate(const char *certificate,
|
|||
umask(077);
|
||||
check(setenv("PATH", "/usr/bin:/usr/sbin", 1) == 0);
|
||||
execlp("openssl", "openssl", "req", "-x509", "-nodes", "-days", "7300",
|
||||
"-newkey", "rsa:1024", "-keyout", certificate, "-out", certificate,
|
||||
"-newkey", "rsa:2048", "-keyout", certificate, "-out", certificate,
|
||||
"-subj", stringPrintf(NULL, "/CN=%s/", serverName),
|
||||
(char *)NULL);
|
||||
check(0);
|
||||
|
|
Loading…
Reference in a new issue