On Fri, Aug 10, 2018 at 02:02:51PM +0200, Maxime Coquelin wrote:
>
>
> On 08/09/2018 08:01 PM, Timothy Redaelli wrote:
> >Currently, 1024-bit RSA keys are generated for OVS tests, are suggested in
> >ovn-architecture manpage examples and are used to generate the RSA keys
> >inside
> >the sandbox (make sandbox), but OpenSSL documentation suggests to use at
> >least
> >2048-bit keys, since "fewer amount of bits is considered insecure or to be
> >insecure pretty soon" [1].
> >
> >Moreover, it's not currently possible to use OVS with 1024-bit keys (and
> >some SSL-related tests fail for this reason) on Fedora 29 when the FUTURE
> >crypto policies are enabled [2]. FUTURE crypto policies will become the
> >DEFAULT soon on Fedora Rawhide.
> >
> >[1] https://github.com/openssl/openssl/blob/master/doc/HOWTO/keys.txt
> >[2] https://fedoraproject.org/wiki/Changes/CryptoSettings
> >
> >Timothy Redaelli (3):
> > tests: Use the default key length when generating RSA keys
> > ovn-architecture: Use the default key length in examples
> > ovs-sandbox: Generate the SSL keys using the default key length
> >
> > ovn/ovn-architecture.7.xml | 2 +-
> > tests/ovs-vsctl.at | 4 ++--
> > tests/ovsdb-rbac.at| 8
> > tutorial/ovs-sandbox | 8
> > 4 files changed, 11 insertions(+), 11 deletions(-)
> >
>
> Tested-by: Maxime Coquelin
Thanks, Timothy and Maxime. I applied this series to master.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev