diff options
| author | Attila Molnar <attilamolnar@hush.com> | 2015-11-03 13:09:27 +0100 |
|---|---|---|
| committer | Attila Molnar <attilamolnar@hush.com> | 2015-11-03 13:09:27 +0100 |
| commit | a652cdd9d9cb39ee1847bb393d7baa6c32340520 (patch) | |
| tree | 5adc15f51deab9b2dde1c7eaf423cb51e66d933e | |
| parent | 3f8f2c7a0befea58f3f298e3a5632fefa4fd3e57 (diff) | |
| parent | 7d0b4a4a07d01b4800833a635510c297b863bad7 (diff) | |
Merge pull request #1104 from SaberUK/insp20+secure-cert
[2.0] Generate a 2048-bit dhparams unless explicitly specified.
| -rw-r--r-- | make/opensslcert.pm | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/make/opensslcert.pm b/make/opensslcert.pm index 1bf27df15..20da704f7 100644 --- a/make/opensslcert.pm +++ b/make/opensslcert.pm @@ -46,6 +46,7 @@ sub make_openssl_cert() my $state = promptstring_s('What state are you located in?', 'Example State'); my $country = promptstring_s('What is the ISO 3166-1 code for the country you are located in?', 'XZ'); my $time = promptstring_s('How many days do you want your certificate to be valid for?', '365'); + my $use_1024 = promptstring_s('Do you want to generate less secure dhparams which are compatible with old versions of Java?', 'n'); print FH <<__END__; $country $state @@ -56,8 +57,9 @@ $commonname $email __END__ close(FH); -system("cat openssl.template | openssl req -x509 -nodes -newkey rsa:1024 -keyout key.pem -out cert.pem -days $time 2>/dev/null"); -system("openssl dhparam -out dhparams.pem 1024"); +my $dhbits = $use_1024 =~ /^(1|on|true|yes|y)$/ ? 1024 : 2048; +system("cat openssl.template | openssl req -x509 -nodes -newkey rsa:2048 -keyout key.pem -out cert.pem -days $time 2>/dev/null"); +system("openssl dhparam -out dhparams.pem $dhbits"); unlink("openssl.template"); } |