Increase the default RSA key size to 2048

5 years ago · 4a05b4bf05
parent 0d5af14325
commit 4a05b4bf05
4 changed files with 5 additions and 5 deletions
--- a/defaults.h
+++ b/defaults.h
@ -80,7 +80,7 @@
 * OpenSSL security level of 2+ does not accept key size of 1024 bits, giving 
 * a "key too small" error while loading forged cert into SSL ctx.
 */
-#define DFLT_LEAFKEY_RSABITS 1024
+#define DFLT_LEAFKEY_RSABITS 2048

 #endif /* !DEFAULTS_H */

--- a/sslproxy.1
+++ b/sslproxy.1
@ -287,7 +287,7 @@ no matching certificate in the provided certificate directory.
 .TP
 .B \-K \fIpemfile\fP
 Use private key from \fIpemfile\fP for the leaf certificates forged on-the-fly.
-If \fB-K\fP is not given, SSLproxy will generate a random 1024-bit RSA key.
+If \fB-K\fP is not given, SSLproxy will generate a random 2048-bit RSA key.
 .TP
 .B \-l \fIlogfile\fP
 Log connections to \fIlogfile\fP in a single line per connection format,
--- a/sslproxy.conf
+++ b/sslproxy.conf
@ -93,8 +93,8 @@ CAKey /etc/sslproxy/ca.key
 #Ciphers MEDIUM:HIGH

 # Leaf key RSA keysize in bits, use 1024|2048|3072|4096.
-# (default: 1024)
-#LeafKeyRSABits 1024
+# (default: 2048)
+#LeafKeyRSABits 2048

 # OpenSSL engine to activate, either ID or full path to shared library
 # Equivalent to -x command line option
--- a/sslproxy.conf.5
+++ b/sslproxy.conf.5
@ -141,7 +141,7 @@ Default: ALL:-aNULL
 \fBLeafKeyRSABits NUMBER\fR
 Leaf key RSA keysize in bits, use 1024|2048|3072|4096.
 .br 
-Default: 1024
+Default: 2048
 .TP 
 \fBOpenSSLEngine STRING\fR
 The OpenSSL engine to activate.  Equivalent to -x command line option.