freeipa

Clone
Source Code
GIT

45b8cc1 Increase default key size for CA to 3072 bits

Authored and Committed by cheimes 5 years ago
raw patch tree parent
4 files changed. 71 lines added. 1 lines removed.
install/share/ipaca_customize.ini
file modified
+1 -1
ipatests/prci_definitions/gating.yaml
file modified
+12 -0
ipatests/pytest_ipa/integration/tasks.py
file modified
+18 -0
ipatests/test_integration/test_installation.py
file modified
+40 -0 
    Increase default key size for CA to 3072 bits
    
    The signing key for IPA's CA certificate now uses a 3072 bit RSA key by
    default.
    
    According to https://www.keylength.com/, NIST 800-57 Part 1 Rev. 4
    recommends 3072 bit RSA keys for keys that are used beyond 2030 for 128 bit
    strength.
    
    Fixes: https://pagure.io/freeipa/issue/6790
    Signed-off-by: Christian Heimes <cheimes@redhat.com>
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
file modified
+1 -1
file modified
+12 -0
file modified
+18 -0
file modified
+40 -0
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.