diff options
author | Kurt Roeckx <kurt@roeckx.be> | 2014-09-08 23:14:36 +0200 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2014-09-08 23:21:04 +0200 |
commit | 44e0c2bae4bfd87d770480902618dbccde84fd81 (patch) | |
tree | fec922dd02ccada0d46acea1710604171a5633d8 /apps | |
parent | RT2600: Change Win line-endings to Unix. (diff) | |
download | openssl-44e0c2bae4bfd87d770480902618dbccde84fd81.tar.xz openssl-44e0c2bae4bfd87d770480902618dbccde84fd81.zip |
RT2626: Change default_bits from 1K to 2K
This is a more comprehensive fix. It changes all
keygen apps to use 2K keys. It also changes the
default to use SHA256 not SHA1. This is from
Kurt's upstream Debian changes.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Diffstat (limited to 'apps')
-rw-r--r-- | apps/dhparam.c | 4 | ||||
-rw-r--r-- | apps/gendh.c | 2 | ||||
-rw-r--r-- | apps/genrsa.c | 2 | ||||
-rw-r--r-- | apps/openssl.cnf | 2 |
4 files changed, 5 insertions, 5 deletions
diff --git a/apps/dhparam.c b/apps/dhparam.c index f5d7126af7..606365e180 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -130,7 +130,7 @@ #undef PROG #define PROG dhparam_main -#define DEFBITS 512 +#define DEFBITS 2048 /* -inform arg - input format - default PEM (DER or PEM) * -outform arg - output format - default PEM @@ -253,7 +253,7 @@ bad: BIO_printf(bio_err," -C Output C code\n"); BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n"); BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n"); - BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n"); + BIO_printf(bio_err," numbits number of bits in to generate (default 2048)\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); #endif diff --git a/apps/gendh.c b/apps/gendh.c index 4ec776ba93..8df8c62f8a 100644 --- a/apps/gendh.c +++ b/apps/gendh.c @@ -78,7 +78,7 @@ #include <openssl/x509.h> #include <openssl/pem.h> -#define DEFBITS 512 +#define DEFBITS 2048 #undef PROG #define PROG gendh_main diff --git a/apps/genrsa.c b/apps/genrsa.c index 94cb613ccb..6b835c0acd 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -78,7 +78,7 @@ #include <openssl/pem.h> #include <openssl/rand.h> -#define DEFBITS 1024 +#define DEFBITS 2048 #undef PROG #define PROG genrsa_main diff --git a/apps/openssl.cnf b/apps/openssl.cnf index 514e64035b..41c2a37426 100644 --- a/apps/openssl.cnf +++ b/apps/openssl.cnf @@ -103,7 +103,7 @@ emailAddress = optional #################################################################### [ req ] -default_bits = 1024 +default_bits = 2048 default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes |