]> ruderich.org/simon Gitweb - tlsproxy/tlsproxy.git/blobdiff - src/tlsproxy-setup
ruderich.org/simon / tlsproxy / tlsproxy.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Use pre-generated Diffie-Hellman parameters.
[tlsproxy/tlsproxy.git] / src / tlsproxy-setup
diff --git a/src/tlsproxy-setup b/src/tlsproxy-setup
index ff5d3bdf3baab3cdadde90a4f6f69f0eeb9f5b37..d553404eba931a749c7e4218212e7304486ab507 100755 (executable)
--- a/src/tlsproxy-setup
+++ b/src/tlsproxy-setup
@@ -27,7 +27,7 @@ trap 'rm -f "$tempfile"' EXIT
 
 # Generate proxy CA key file.
 certtool --generate-privkey \
-         --sec-param=high \
+         --sec-param high \
          --outfile proxy-ca-key.pem
 # Generate proxy CA.
 echo 'cn = tlsproxy CA' > "$tempfile"
@@ -41,7 +41,7 @@ certtool --generate-self-signed \
 
 # Generate proxy key file.
 certtool --generate-privkey \
-         --sec-param=high \
+         --sec-param high \
          --outfile proxy-key.pem
 
 # Generate proxy "invalid" server certificate. It's used for problematic
@@ -59,4 +59,9 @@ certtool --generate-self-signed \
 
 rm "$tempfile"
 
+# Generate proxy Diffie-Hellman parameters.
+certtool --generate-dh-params \
+         --sec-param high \
+         --outfile proxy-dh.pem
+
 echo done
Certificate verifying tlsproxy, prevents MITMs by (manipulated) CAs by verifying the server certificate.