Hi, I'm concerned that it takes quite a bit of fiddling to make openssl use strong crypto.
It is not enough to just set default_md = sha512 under the [ ca ] section to force sha512 by default (this is the suggested way in most forums. It's wrong. It's sad to see how many admins believe that they are using sha512 when in fact openssl still defaults to sha1 or md5 in some other places.) Instead it is required to add a second default_md = sha512 line in the [ req ] section (which is not documented in openssl.cnf) or to use the -sha512 command line option for every single command. Don't expect the admin to know this. (When you google this topic then it becomes clear that admins really dont understand this - and why should they.) It would be desirable to have a global config to specify the default MD and default bit size _and_ trust openssl not to use weaker ciphers than the ones specified. Maybe something like this: [ global ] default_bits = 4096 default_md = sha512 # for backward compatibility. Not to be used in a post-prism era. #default_bits = 1024 #default_md = sha1 [ ca ] default_md = global ... regards, skyper
