ZNC - Advanced IRC Bouncer / Bugs / #82 SSL certs generated by ZNC don't meet current sec standards

#82 SSL certs generated by ZNC don't meet current sec standards

Status: closed

Owner: Psychon

Labels: Engine (43)

Priority: 5

Updated: 2010-02-18

Created: 2010-02-10

Creator: Reed Loden

Private: No

Currently, SSL certificates generated via the --makepem method generate a 1024-bit RSA key and use the MD5 signing algorithm. Instead, the key should be at least 2048 bits and use at least the SHA-1 signing algorithm. This will bring ZNC up to current security standards for SSL certificates.

The attached patch does just that.

Discussion

Reed Loden - 2010-02-10

v1 patch

znc-more-secure-ssl-cert-gen.diff

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

flakes - 2010-02-10

I support this move.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Psychon - 2010-02-18

r1774, thanks a lot.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Psychon - 2010-02-18

assigned_to: prozacx --> psychon

status: open --> closed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

SSL certs generated by ZNC don't meet current sec standards

Group

Searches

Help

#82 SSL certs generated by ZNC don't meet current sec standards

Discussion