[PATCH] virnettlshelpers: Update private key
Peter Krempa
pkrempa at redhat.com
Tue Jul 13 09:25:31 UTC 2021
On Tue, Jul 13, 2021 at 08:57:30 +0200, Michal Privoznik wrote:
> In not so distant past (v6.5.0~3) I've updated the private key we
> use for virnettls* tests. Back then I was driven by Fedora 33
> change which deprecated RSA-1024 which we used back then. I
> generated an EC-384 key which was fine as it was considered
> strong enough until RHEL-9 came along. RHEL-9 no longer considers
> any of EC keys strong enough (for key exchange) and thus we're
> back to RSA, but this time with 2048 bits. Generated by this cmd
> line:
I'd go for 4096 bits to stay ahead a bit.
>
> openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:2048
>
> Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
> ---
My quick google search yielded just some JDK changes for improving the
implementation of EC algorithms:
https://bugs.openjdk.java.net/browse/JDK-8208698
but nothing that would state it's no longer secure or anything.
Either way.
Reviewed-by: Peter Krempa <pkrempa at redhat.com>
More information about the libvir-list
mailing list