On 08/09/2018 08:01 PM, Timothy Redaelli wrote:
Currently, 1024-bit RSA keys are generated for OVS tests, are suggested in
ovn-architecture manpage examples and are used to generate the RSA keys inside
the sandbox (make sandbox), but OpenSSL documentation suggests to use at least
2048-bit keys, since "fewer amount of bits is considered insecure or to be
insecure pretty soon" [1].

Moreover, it's not currently possible to use OVS with 1024-bit keys (and
some SSL-related tests fail for this reason) on Fedora 29 when the FUTURE
crypto policies are enabled [2]. FUTURE crypto policies will become the
DEFAULT soon on Fedora Rawhide.

[1] https://github.com/openssl/openssl/blob/master/doc/HOWTO/keys.txt
[2] https://fedoraproject.org/wiki/Changes/CryptoSettings

Timothy Redaelli (3):
   tests: Use the default key length when generating RSA keys
   ovn-architecture: Use the default key length in examples
   ovs-sandbox: Generate the SSL keys using the default key length

  ovn/ovn-architecture.7.xml | 2 +-
  tests/ovs-vsctl.at         | 4 ++--
  tests/ovsdb-rbac.at        | 8 ++++----
  tutorial/ovs-sandbox       | 8 ++++----
  4 files changed, 11 insertions(+), 11 deletions(-)

Tested-by: Maxime Coquelin <maxime.coque...@redhat.com>

dev mailing list

Reply via email to