[openssl.org #2626] ENHANCEMENT: please update default_bits to 2048 in default openssl.cnf

2014-09-08 Thread Rich Salz via RT
OpenSSL_1_0_2-stable 57c932d RT2626: Change default_bits from 1K to 2K
HEAD 44e0c2b RT2626: Change default_bits from 1K to 2K



Author: Kurt Roeckx k...@roeckx.be
Date: Mon Sep 8 17:14:36 2014 -0400

RT2626: Change default_bits from 1K to 2K

This is a more comprehensive fix. It changes all
keygen apps to use 2K keys. It also changes the
default to use SHA256 not SHA1. This is from
Kurt's upstream Debian changes.

Reviewed-by: Rich Salz rs...@openssl.org
Reviewed-by: Kurt Roeckx k...@openssl.org


--
Rich Salz, OpenSSL dev team; rs...@openssl.org

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org


Re: [openssl.org #2626] ENHANCEMENT: please update default_bits to 2048 in default openssl.cnf

2011-10-20 Thread Rob Stradling
Duplicate of ticket #2354.

On Wednesday 19 Oct 2011 16:58:28 Daniel Kahn Gillmor via RT wrote:
 The current default openssl.cnf appears to have default_bits = 1024:
 
 http://cvs.openssl.org/fileview?f=openssl/apps/openssl.cnfv=1.23.4.6
 
 however, NIST has recommended avoiding reliance on 1024-bit RSA keys
 after 2010.
 
 See pages 63-66 of:
 
 http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_M
 ar08-2007.pdf
 
 Please change default_bits in the stock openssl.cnf to 2048, or include
 some clear justification for why the tool defaults to creating a
 deprecated keysize.
 
 Thanks,
 
   --dkg
 
 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   openssl-dev@openssl.org
 Automated List Manager   majord...@openssl.org

Rob Stradling
Senior Research  Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com

COMODO CA Limited, Registered in England No. 04058690
Registered Office:
  3rd Floor, 26 Office Village, Exchange Quay,
  Trafford Road, Salford, Manchester M5 3EQ

This e-mail and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the sender by replying
to the e-mail containing this attachment. Replies to this email may be
monitored by Comodo for operational or business reasons. Whilst every
endeavour is taken to ensure that e-mails are free from viruses, no liability
can be accepted and the recipient is requested to use their own virus checking
software.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org


[openssl.org #2626] ENHANCEMENT: please update default_bits to 2048 in default openssl.cnf

2011-10-19 Thread Daniel Kahn Gillmor via RT
The current default openssl.cnf appears to have default_bits = 1024:

http://cvs.openssl.org/fileview?f=openssl/apps/openssl.cnfv=1.23.4.6

however, NIST has recommended avoiding reliance on 1024-bit RSA keys
after 2010.

See pages 63-66 of:

http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf

Please change default_bits in the stock openssl.cnf to 2048, or include
some clear justification for why the tool defaults to creating a
deprecated keysize.

Thanks,

--dkg

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org