[issue34542] [TLS] Update test certs to future proof settings

Christian Heimes report at bugs.python.org
Wed Aug 29 10:17:16 EDT 2018


New submission from Christian Heimes <lists at cheimes.de>:

In bug #34399, I updated all RSA keys to 2048. However, that is not sufficient for future-proof settings. Fedora's FUTURE crypto policy requires 3072-bit RSA keys. Furthermore, I forgot to update the signature algorithm, too.

* RSA >= 3072 bits
* finite field DH >= 3072 bits
* signature algorithm with SHA2-256 or SHA2-384 PKCS #1 v1.5 (I don't think RSASSA-PSS works with OpenSSL 1.0.2 or TLS < 1.0)

----------
assignee: christian.heimes
components: SSL
messages: 324324
nosy: alex, christian.heimes, dstufft, janssen
priority: normal
severity: normal
stage: test needed
status: open
title: [TLS] Update test certs to future proof settings
type: behavior
versions: Python 2.7, Python 3.6, Python 3.7, Python 3.8

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue34542>
_______________________________________
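
An added example, not part of the original report or of CPython's test suite: a standard-library Python check that flags a certificate whose RSA key size or signature algorithm falls short of the list in the report. The names `audit_cert`, `elements` and `decode_oid` are hypothetical, and the finite field DH requirement is not covered.

```python
import base64

MIN_RSA_BITS = 3072  # "RSA >= 3072bits" from the report; helper names are illustrative
RSA_ENCRYPTION = "1.2.840.113549.1.1.1"
# sha256WithRSAEncryption and sha384WithRSAEncryption (PKCS #1 v1.5 signatures)
ALLOWED_SIG_OIDS = {"1.2.840.113549.1.1.11", "1.2.840.113549.1.1.12"}

def elements(buf):
    """Split a DER buffer into its consecutive (tag, value) elements."""
    out, pos = [], 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits count the length octets
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def decode_oid(der):
    """Decode the content octets of an OBJECT IDENTIFIER into dotted form."""
    arcs, acc = [], 0
    for byte in der:
        acc = (acc << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear ends one base-128 arc
            arcs, acc = arcs + [acc], 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def audit_cert(data):
    """Return the policy violations found in one PEM or DER certificate."""
    if b"-----BEGIN CERTIFICATE-----" in data:  # PEM: take the first certificate
        body = data.split(b"-----BEGIN CERTIFICATE-----")[1].split(b"-----END")[0]
        data = base64.b64decode(body)  # newlines are ignored by b64decode
    tbs = elements(elements(elements(data)[0][1])[0][1])  # tbsCertificate fields
    tbs = tbs[1:] if tbs[0][0] == 0xA0 else tbs  # skip optional [0] version
    sig_oid = decode_oid(elements(tbs[1][1])[0][1])
    spki = elements(tbs[5][1])  # [AlgorithmIdentifier, BIT STRING]
    problems = []
    if sig_oid not in ALLOWED_SIG_OIDS:
        problems.append(f"signature algorithm {sig_oid} not allowed")
    if decode_oid(elements(spki[0][1])[0][1]) != RSA_ENCRYPTION:
        problems.append("public key is not RSA")
    else:
        # Drop the BIT STRING unused-bits octet, then read n from RSAPublicKey.
        modulus = elements(elements(spki[1][1][1:])[0][1])[0][1]
        bits = int.from_bytes(modulus, "big").bit_length()
        if bits < MIN_RSA_BITS:
            problems.append(f"RSA key is {bits} bits, need >= {MIN_RSA_BITS}")
    return problems
```

Call it as `audit_cert(open(path, "rb").read())` on each test certificate; an empty list means both checks pass. RSASSA-PSS signatures are reported as not allowed, matching the PKCS #1 v1.5 restriction in the list.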

