[Pkg-openssl-devel] Bug#487152: Bug#487152: [wishlist] openssl.cnf should use default_bits = 2048

Christoph Martin martin at uni-mainz.de
Mon Jun 23 11:15:13 UTC 2008


Jamie Strandboge schrieb:
> Package: openssl
> Version: 0.9.8g-4ubuntu3.1
> Severity: wishlist
> 
> 
> As we are approaching a time when 1024 bits is not going to be long
> enough, it might be a good idea to consider changing openssl.cnf to
> have:
> 
> [ req ]
> default_bits            = 2048
> 
> Interestingly, while it is currently 1024, the man page still says 512:
> 
> $ man req
> ....
>        default_bits
>            This specifies the default key size in bits. If not specified then
>            512 is used. It is used if the -new option is used. It can be over‐
>            ridden by using the -newkey option.
> ....

1024 is the default in openssl.cnf but is it also in the code when you
don't use the conf entry?

Christoph

-- 
============================================================================
Christoph Martin, Leiter der EDV der Verwaltung, Uni-Mainz, Germany
 Internet-Mail:  Christoph.Martin at Verwaltung.Uni-Mainz.DE
  Telefon: +49-6131-3926337
      Fax: +49-6131-3922856

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/attachments/20080623/ad04264d/attachment-0001.pgp 


More information about the Pkg-openssl-devel mailing list