Dot not use weak ciphers.

2015-07-22 09:56:04 +02:00 · 2015-07-22 09:56:04 +02:00 · c70498d6bc
parent d80a9876d2
commit c70498d6bc
2 changed files with 3 additions and 3 deletions
--- a/openssl.cnf
+++ b/openssl.cnf
@ -13,7 +13,7 @@ private_key     = $dir/private.key
 RANDFILE        = $dir/.rand
 default_days    = 365
 default_crl_days= 365
-default_md      = md5
+default_md      = sha256
 preserve        = no
 policy          = policy_match

@ -26,7 +26,7 @@ commonName              = supplied
 emailAddress            = supplied

 [ req ]
-default_bits            = 1024
+default_bits            = 2048
 distinguished_name      = req_distinguished_name

 [ req_distinguished_name ]
--- a/shellpki.sh
+++ b/shellpki.sh
@ -29,7 +29,7 @@ init() {
    if [ ! -f $PREFIX/ca/index.txt ]; then touch $PREFIX/ca/index.txt; fi
    if [ ! -f $PREFIX/files/ca/serial ]; then echo 01 > $PREFIX/ca/serial; fi

-$OPENSSL dhparam -out $PREFIX/ca/dh1024.pem 1024
+$OPENSSL dhparam -out $PREFIX/ca/dh2048.pem 2048
 $OPENSSL genrsa  -out $PREFIX/ca/private.key 2048

 $OPENSSL req            	    \