Message ID | cover.1533833706.git.tredaelli@redhat.com |
---|---|
Series | Use the default key length for RSA keys |
On 08/09/2018 08:01 PM, Timothy Redaelli wrote:
> Currently, 1024-bit RSA keys are generated for OVS tests, are suggested in
> ovn-architecture manpage examples and are used to generate the RSA keys inside
> the sandbox (make sandbox), but OpenSSL documentation suggests to use at least
> 2048-bit keys, since "fewer amount of bits is considered insecure or to be
> insecure pretty soon" [1].
>
> Moreover, it's not currently possible to use OVS with 1024-bit keys (and
> some SSL-related tests fail for this reason) on Fedora 29 when the FUTURE
> crypto policies are enabled [2]. FUTURE crypto policies will become the
> DEFAULT soon on Fedora Rawhide.
>
> [1] https://github.com/openssl/openssl/blob/master/doc/HOWTO/keys.txt
> [2] https://fedoraproject.org/wiki/Changes/CryptoSettings
>
> Timothy Redaelli (3):
>   tests: Use the default key length when generating RSA keys
>   ovn-architecture: Use the default key length in examples
>   ovs-sandbox: Generate the SSL keys using the default key length
>
>  ovn/ovn-architecture.7.xml | 2 +-
>  tests/ovs-vsctl.at         | 4 ++--
>  tests/ovsdb-rbac.at        | 8 ++++----
>  tutorial/ovs-sandbox       | 8 ++++----
>  4 files changed, 11 insertions(+), 11 deletions(-)
>

Tested-by: Maxime Coquelin <maxime.coquelin@redhat.com>

Thanks!
Maxime

On Fri, Aug 10, 2018 at 02:02:51PM +0200, Maxime Coquelin wrote:
>
>
> On 08/09/2018 08:01 PM, Timothy Redaelli wrote:
> >Currently, 1024-bit RSA keys are generated for OVS tests, are suggested in
> >ovn-architecture manpage examples and are used to generate the RSA keys inside
> >the sandbox (make sandbox), but OpenSSL documentation suggests to use at least
> >2048-bit keys, since "fewer amount of bits is considered insecure or to be
> >insecure pretty soon" [1].
> >
> >Moreover, it's not currently possible to use OVS with 1024-bit keys (and
> >some SSL-related tests fail for this reason) on Fedora 29 when the FUTURE
> >crypto policies are enabled [2]. FUTURE crypto policies will become the
> >DEFAULT soon on Fedora Rawhide.
> >
> >[1] https://github.com/openssl/openssl/blob/master/doc/HOWTO/keys.txt
> >[2] https://fedoraproject.org/wiki/Changes/CryptoSettings
> >
> >Timothy Redaelli (3):
> >   tests: Use the default key length when generating RSA keys
> >   ovn-architecture: Use the default key length in examples
> >   ovs-sandbox: Generate the SSL keys using the default key length
> >
> >  ovn/ovn-architecture.7.xml | 2 +-
> >  tests/ovs-vsctl.at         | 4 ++--
> >  tests/ovsdb-rbac.at        | 8 ++++----
> >  tutorial/ovs-sandbox       | 8 ++++----
> >  4 files changed, 11 insertions(+), 11 deletions(-)
> >
>
> Tested-by: Maxime Coquelin <maxime.coquelin@redhat.com>

Thanks, Timothy and Maxime. I applied this series to master.