From: Simon Ruderich Date: Fri, 12 Apr 2013 14:51:52 +0000 (+0200) Subject: src/tlsproxy-setup: Use --sec-param=high. X-Git-Url: https://ruderich.org/simon/gitweb/?a=commitdiff_plain;h=2768e020f19f47e0d31ed883698a5aba1ad9d3a8;p=tlsproxy%2Ftlsproxy.git src/tlsproxy-setup: Use --sec-param=high. This creates a bigger RSA key. Not really relevant in our case because the connection stays local (proxy to client), but it's a good example. --- diff --git a/src/tlsproxy-setup b/src/tlsproxy-setup index a9e440b..ff5d3bd 100755 --- a/src/tlsproxy-setup +++ b/src/tlsproxy-setup @@ -27,6 +27,7 @@ trap 'rm -f "$tempfile"' EXIT # Generate proxy CA key file. certtool --generate-privkey \ + --sec-param=high \ --outfile proxy-ca-key.pem # Generate proxy CA. echo 'cn = tlsproxy CA' > "$tempfile" @@ -40,6 +41,7 @@ certtool --generate-self-signed \ # Generate proxy key file. certtool --generate-privkey \ + --sec-param=high \ --outfile proxy-key.pem # Generate proxy "invalid" server certificate. It's used for problematic