[openssl-dev] [openssl.org #3854] openssl.cnf in openssl-1.0.1m still uses default_bits=1024

Emilia Käsper via RT rt at openssl.org
Mon Feb 1 23:21:29 UTC 2016


1.0.1m predates Logjam. We changed DH key generation to use 2048 bits by
default in OpenSSL 1.0.1n which is the first 1.0.1 release after.

The default_bits in apps/openssl.cnf is a sample certificate request
configuration and isn't really related to Logjam. But we changed it as well as
other key generation apps to use 2048 bits more comprehensively in 1.0.2.

More context:
https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/

All these other conf files look like very old demo examples. They should
probably be cleaned up. I'm leaving this ticket open to remind us.

Cheers,
Emilia
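An added example, not part of the original message and not OpenSSL code: a small audit helper that reports every `default_bits` value below 2048 in an openssl.cnf-style file. The sample configuration, the function name `weak_default_bits` and the simplified comment handling (everything after `#` is dropped) are assumptions made for illustration.

```python
import re

# Constructed sample in openssl.cnf syntax (not copied from any release).
SAMPLE_CNF = """\
# sample request configuration
[ req ]
default_bits = 1024   # weak
distinguished_name = req_dn

[ req_strong ]
default_bits=2048

[ req_dn ]
commonName = Common Name
"""

SECTION_RE = re.compile(r"^\[\s*([^\]]+?)\s*\]$")
KEYVAL_RE = re.compile(r"^([A-Za-z0-9_.]+)\s*=\s*(.*)$")


def weak_default_bits(cnf_text, minimum=2048):
    """Return (section, line_number, bits) for each default_bits below minimum."""
    findings = []
    section = "default"  # keys before any header are treated as section "default"
    for lineno, raw in enumerate(cnf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # simplification: drop '#' comments
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        kv = KEYVAL_RE.match(line)
        if not kv or kv.group(1) != "default_bits":
            continue
        value = kv.group(2).strip()
        # Non-numeric values (e.g. variable references) are skipped, not guessed.
        if value.isdigit() and int(value) < minimum:
            findings.append((section, lineno, int(value)))
    return findings


if __name__ == "__main__":
    for section, lineno, bits in weak_default_bits(SAMPLE_CNF):
        print(f"line {lineno}: [{section}] default_bits = {bits} (< 2048)")
```
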


