[Pkg-openssl-devel] Bug#487152: [wishlist] openssl.cnf should use default_bits = 2048
Jamie Strandboge
jamie at ubuntu.com
Thu Jun 19 20:09:26 UTC 2008
Package: openssl
Version: 0.9.8g-4ubuntu3.1
Severity: wishlist
As we are approaching a time when 1024 bits is not going to be long
enough, it might be a good idea to consider changing openssl.cnf to
have:
[ req ]
default_bits = 2048
Interestingly, while it is currently 1024, the man page still says 512:
$ man req
....
default_bits
This specifies the default key size in bits. If not specified then
512 is used. It is used if the -new option is used. It can be over‐
ridden by using the -newkey option.
....
More information about the Pkg-openssl-devel
mailing list