Hello,

By default, openssl genrsa -out server.key 2048 creates server.key as a
world-readable private key file.
Yes, this can probably be worked around using umask, but the default
behavior is IMHO rather dangerous if the sysadmin forgets about this, or
is in a hurry.

It would be safer if by default, the key file was created such that it
was only readable by the creator.

Thanks,

Alain

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
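
Added example, not part of the original message and not OpenSSL project code: the umask workaround the message mentions, run in a subshell so the caller's umask is left alone, followed by a check that the key file carries no group or other permission bits. The function names are hypothetical; the genrsa command line is the one from the message.

```shell
#!/bin/sh
# Added example. Helper names below are hypothetical, not OpenSSL tooling.

# Print a file's permission bits in octal (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 only if group and others have no access at all (mode & 077 == 0).
# Return 2 if the file cannot be inspected.
is_private() {
    mode=$(file_mode "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Run a command under umask 077 inside a subshell. New files it creates get
# at most 0600, and the calling shell's umask is not modified.
with_private_umask() {
    ( umask 077 && "$@" )
}

# Generate the key from the message under the restrictive umask, then verify.
# The verification matters: umask only applies when a file is created, so an
# existing, loosely permissioned key file that gets overwritten keeps its mode.
gen_private_key() {
    with_private_umask openssl genrsa -out "$1" 2048 && is_private "$1"
}

# Tighten a key file that was already created with loose permissions.
fix_key_perms() {
    is_private "$1" || chmod 600 "$1"
}

# Usage (requires the openssl binary):
#   gen_private_key server.key || echo "server.key is readable by others" >&2
```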
