summaryrefslogtreecommitdiffstats
path: root/apps
diff options
context:
space:
mode:
authorKurt Roeckx <kurt@roeckx.be>2014-09-08 23:14:36 +0200
committerRich Salz <rsalz@openssl.org>2014-09-08 23:21:04 +0200
commit44e0c2bae4bfd87d770480902618dbccde84fd81 (patch)
treefec922dd02ccada0d46acea1710604171a5633d8 /apps
parentRT2600: Change Win line-endings to Unix. (diff)
downloadopenssl-44e0c2bae4bfd87d770480902618dbccde84fd81.tar.xz
openssl-44e0c2bae4bfd87d770480902618dbccde84fd81.zip
RT2626: Change default_bits from 1K to 2K
This is a more comprehensive fix. It changes all keygen apps to use 2K keys. It also changes the default to use SHA256 not SHA1. This is from Kurt's upstream Debian changes. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Diffstat (limited to 'apps')
-rw-r--r--apps/dhparam.c4
-rw-r--r--apps/gendh.c2
-rw-r--r--apps/genrsa.c2
-rw-r--r--apps/openssl.cnf2
4 files changed, 5 insertions, 5 deletions
diff --git a/apps/dhparam.c b/apps/dhparam.c
index f5d7126af7..606365e180 100644
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -130,7 +130,7 @@
#undef PROG
#define PROG dhparam_main
-#define DEFBITS 512
+#define DEFBITS 2048
/* -inform arg - input format - default PEM (DER or PEM)
* -outform arg - output format - default PEM
@@ -253,7 +253,7 @@ bad:
BIO_printf(bio_err," -C Output C code\n");
BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n");
BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n");
- BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n");
+ BIO_printf(bio_err," numbits number of bits in to generate (default 2048)\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
#endif
diff --git a/apps/gendh.c b/apps/gendh.c
index 4ec776ba93..8df8c62f8a 100644
--- a/apps/gendh.c
+++ b/apps/gendh.c
@@ -78,7 +78,7 @@
#include <openssl/x509.h>
#include <openssl/pem.h>
-#define DEFBITS 512
+#define DEFBITS 2048
#undef PROG
#define PROG gendh_main
diff --git a/apps/genrsa.c b/apps/genrsa.c
index 94cb613ccb..6b835c0acd 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -78,7 +78,7 @@
#include <openssl/pem.h>
#include <openssl/rand.h>
-#define DEFBITS 1024
+#define DEFBITS 2048
#undef PROG
#define PROG genrsa_main
diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index 514e64035b..41c2a37426 100644
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -103,7 +103,7 @@ emailAddress = optional
####################################################################
[ req ]
-default_bits = 1024
+default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes