Applied patches for not using md5. Additionally, the root CA is no 4096 bits, host...

[ipfire-2.x.git] / config / ssl / openssl.cnf

diff --git a/config/ssl/openssl.cnf b/config/ssl/openssl.cnf
index f0906e5470dadb88bf4acec9acc45c5d5183f2b6..9d1e6e1ff5e5510483af261cb00eced32bb5893a 100644 (file)
--- a/config/ssl/openssl.cnf
+++ b/config/ssl/openssl.cnf
@@ -21,7 +21,7 @@ RANDFILE      = $dir/tmp/.rand
 x509_extensions        = usr_cert
 default_days   = 999999
 default_crl_days= 30
-default_md     = md5
+default_md     = sha256
 preserve       = no
 policy         = policy_match
 email_in_dn    = no
@@ -35,7 +35,7 @@ commonName            = supplied
 emailAddress           = optional
 
 [ req ]
-default_bits           = 1024
+default_bits           = 2048
 default_keyfile        = privkey.pem
 distinguished_name     = req_distinguished_name
 attributes             = req_attributes