Currently, SSL certificates generated via the --makepem method generate a 1024-bit RSA key and use the MD5 signing algorithm. Instead, the key should be at least 2048 bits and use at least the SHA-1 signing algorithm. This will bring ZNC up to current security standards for SSL certificates.
The attached patch does just that.
Log in to post a comment.