Currently, 1024-bit RSA keys are generated for OVS tests, are suggested in
ovn-architecture manpage examples and are used to generate the RSA keys inside
the sandbox (make sandbox), but OpenSSL documentation suggests using at least
2048-bit keys, since "fewer amount of bits is considered insecure or to be
insecure pretty soon" [1].

Moreover, it's not currently possible to use OVS with 1024-bit keys (and
some SSL-related tests fail for this reason) on Fedora 29 when the FUTURE
crypto policies are enabled [2]. FUTURE crypto policies will become the
DEFAULT soon on Fedora Rawhide.

[1] https://github.com/openssl/openssl/blob/master/doc/HOWTO/keys.txt
[2] https://fedoraproject.org/wiki/Changes/CryptoSettings

Timothy Redaelli (3):
  tests: Use the default key length when generating RSA keys
  ovn-architecture: Use the default key length in examples
  ovs-sandbox: Generate the SSL keys using the default key length

 ovn/ovn-architecture.7.xml | 2 +-
 tests/ovs-vsctl.at         | 4 ++--
 tests/ovsdb-rbac.at        | 8 ++++----
 tutorial/ovs-sandbox       | 8 ++++----
 4 files changed, 11 insertions(+), 11 deletions(-)

-- 
2.17.1

_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
