#82 SSL certs generated by ZNC don't meet current sec standards

closed
Psychon
Engine (43)
5
2010-02-18
2010-02-10
Reed Loden
No

Currently, SSL certificates generated via the --makepem method generate a 1024-bit RSA key and use the MD5 signing algorithm. Instead, the key should be at least 2048 bits and use at least the SHA-1 signing algorithm. This will bring ZNC up to current security standards for SSL certificates.

The attached patch does just that.

Discussion

  • flakes
    flakes
    2010-02-10

    I support this move.

     
  • Psychon
    Psychon
    2010-02-18

    r1774, thanks a lot.

     
  • Psychon
    Psychon
    2010-02-18

    • assigned_to: prozacx --> psychon
    • status: open --> closed