vpnmain.cgi: Make on-demand mode default for IPsec VPNs

[people/pmueller/ipfire-2.x.git] / config / ssl / openssl.cnf

diff --git a/config/ssl/openssl.cnf b/config/ssl/openssl.cnf
index f0906e5470dadb88bf4acec9acc45c5d5183f2b6..3b980fcd40f3bae0815bdcf37003d4d1483af09c 100644 (file)
--- a/config/ssl/openssl.cnf
+++ b/config/ssl/openssl.cnf
@@ -1,5 +1,4 @@
 HOME           = .
-RANDFILE       = /var/tmp/.rnd
 oid_section    = new_oids
 
 [ new_oids ]
@@ -17,11 +16,10 @@ certificate = $dir/ca/cacert.pem
 serial         = $dir/certs/serial
 crl            = $dir/crls/cacrl.pem
 private_key    = $dir/private/cakey.pem
-RANDFILE       = $dir/tmp/.rand
 x509_extensions        = usr_cert
 default_days   = 999999
 default_crl_days= 30
-default_md     = md5
+default_md     = sha256
 preserve       = no
 policy         = policy_match
 email_in_dn    = no
@@ -35,7 +33,7 @@ commonName            = supplied
 emailAddress           = optional
 
 [ req ]
-default_bits           = 1024
+default_bits           = 2048
 default_keyfile        = privkey.pem
 distinguished_name     = req_distinguished_name
 attributes             = req_attributes