On Sat, Mar 23, 2019 at 11:30:15PM -0600, Randy Hartman wrote: > ssl(8) man page changed example key size from 2048 to 4096 > in 2012 but reverted after two days. smtpd.conf(5)'s man page > and acme-client both use 4096. is it time to un-revert? >
fixed, thanks. jmc > Index: ssl.8 > =================================================================== > RCS file: /cvs/src/share/man/man8/ssl.8,v > retrieving revision 1.66 > diff -u -p -u -p -r1.66 ssl.8 > --- ssl.8 8 Jul 2017 17:52:44 -0000 1.66 > +++ ssl.8 24 Mar 2019 04:41:31 -0000 > @@ -65,13 +65,13 @@ To support HTTPS transactions in > .Xr httpd 8 > you will need to generate an RSA certificate. > .Bd -literal -offset indent > -# openssl genrsa -out /etc/ssl/private/server.key 2048 > +# openssl genrsa -out /etc/ssl/private/server.key 4096 > .Ed > .Pp > Or, if you wish the key to be encrypted with a passphrase that you will > have to type in when starting servers > .Bd -literal -offset indent > -# openssl genrsa -aes256 -out /etc/ssl/private/server.key 2048 > +# openssl genrsa -aes256 -out /etc/ssl/private/server.key 4096 > .Ed > .Pp > The next step is to generate a Certificate Signing Request (CSR) which is >