From 2768e020f19f47e0d31ed883698a5aba1ad9d3a8 Mon Sep 17 00:00:00 2001
From: Simon Ruderich <simon@ruderich.org>
Date: Fri, 12 Apr 2013 16:51:52 +0200
Subject: [PATCH 1/1] src/tlsproxy-setup: Use --sec-param=high.

This creates a bigger RSA key. Not really relevant in our case because
the connection stays local (proxy to client), but it's a good example.
---
 src/tlsproxy-setup | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/tlsproxy-setup b/src/tlsproxy-setup
index a9e440b..ff5d3bd 100755
--- a/src/tlsproxy-setup
+++ b/src/tlsproxy-setup
@@ -27,6 +27,7 @@ trap 'rm -f "$tempfile"' EXIT
 
 # Generate proxy CA key file.
 certtool --generate-privkey \
+         --sec-param=high \
          --outfile proxy-ca-key.pem
 # Generate proxy CA.
 echo 'cn = tlsproxy CA' > "$tempfile"
@@ -40,6 +41,7 @@ certtool --generate-self-signed \
 
 # Generate proxy key file.
 certtool --generate-privkey \
+         --sec-param=high \
          --outfile proxy-key.pem
 
 # Generate proxy "invalid" server certificate. It's used for problematic
-- 
2.44.1