> On Aug 30, 2020, at 00:57, Paul Spooren <[email protected]> wrote: > > Hi team, > > I recently rewrote px5g[1] to use WolfSSL instead of MbedTLS, as the former > will be included in OpenWrt 20.x per default. > > Both implementations support the generation of RSA and ECC keys, where uhttpd > currently defaults to RSA with 2048 keys. > > The question came up if we really want RSA certificates for LuCI or if the > faster and "more modern" ECC P-256 wouldn't be a better choice. > > If px5g is added to the next release, certificates are generated on first > boot and most users are unlikely to manually recreate RSA ones, not? > > So the question, shouldn't we drop all crypto options from the new px5g > implementation and _only_ offer P-256? Whoever wants something else than the > default may use px5g-mbedtls or some OpenSSL based tool? I’m all for removing code. > > Best, > Paul > > [1]: https://github.com/openwrt/openwrt/pull/3363 >
_______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/mailman/listinfo/openwrt-devel
