ssl(8) man page changed example key size from 2048 to 4096 in 2012 but reverted after two days. smtpd.conf(5)'s man page and acme-client both use 4096. is it time to un-revert?
Index: ssl.8 =================================================================== RCS file: /cvs/src/share/man/man8/ssl.8,v retrieving revision 1.66 diff -u -p -u -p -r1.66 ssl.8 --- ssl.8 8 Jul 2017 17:52:44 -0000 1.66 +++ ssl.8 24 Mar 2019 04:41:31 -0000 @@ -65,13 +65,13 @@ To support HTTPS transactions in .Xr httpd 8 you will need to generate an RSA certificate. .Bd -literal -offset indent -# openssl genrsa -out /etc/ssl/private/server.key 2048 +# openssl genrsa -out /etc/ssl/private/server.key 4096 .Ed .Pp Or, if you wish the key to be encrypted with a passphrase that you will have to type in when starting servers .Bd -literal -offset indent -# openssl genrsa -aes256 -out /etc/ssl/private/server.key 2048 +# openssl genrsa -aes256 -out /etc/ssl/private/server.key 4096 .Ed .Pp The next step is to generate a Certificate Signing Request (CSR) which is
