Duplicate of ticket #2354.
On Wednesday 19 Oct 2011 16:58:28 Daniel Kahn Gillmor via RT wrote:
> The current default openssl.cnf appears to have default_bits = 1024:
>
> http://cvs.openssl.org/fileview?f=openssl/apps/openssl.cnf&v=1.23.4.6
>
> however, NIST has recommended avoiding reliance on 1024-bit RSA keys
> after 2010.
>
> See pages 63-66 of:
>
> http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_M
> ar08-2007.pdf
>
> Please change default_bits in the stock openssl.cnf to 2048, or include
> some clear justification for why the tool defaults to creating a
> deprecated keysize.
>
> Thanks,
>
> --dkg
>
> __
> OpenSSL Project http://www.openssl.org
> Development Mailing List openssl-dev@openssl.org
> Automated List Manager majord...@openssl.org
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com
COMODO CA Limited, Registered in England No. 04058690
Registered Office:
3rd Floor, 26 Office Village, Exchange Quay,
Trafford Road, Salford, Manchester M5 3EQ
This e-mail and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the sender by replying
to the e-mail containing this attachment. Replies to this email may be
monitored by Comodo for operational or business reasons. Whilst every
endeavour is taken to ensure that e-mails are free from viruses, no liability
can be accepted and the recipient is requested to use their own virus checking
software.
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
