From owner-freebsd-doc@FreeBSD.ORG Mon Jun 8 20:58:57 2015 Return-Path: Delivered-To: freebsd-doc@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 2DBE666B for ; Mon, 8 Jun 2015 20:58:57 +0000 (UTC) (envelope-from roland@micite.net) Received: from mail.micite.net (lawrencium.micite.net [149.210.214.224]) by mx1.freebsd.org (Postfix) with ESMTP id E508310E4 for ; Mon, 8 Jun 2015 20:58:56 +0000 (UTC) (envelope-from roland@micite.net) Received: from [192.168.1.73] (s529d340f.adsl.online.nl [82.157.52.15]) by mail.micite.net (Postfix) with ESMTPSA id 431797C3E for ; Mon, 8 Jun 2015 22:50:36 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=micite.net; s=20150418; t=1433796636; bh=Dtrod7XR3v8E/8/lhJAFhLby4OVGq93ug1vMGZOVaOU=; h=Date:From:To:Subject:References:In-Reply-To; b=AEJDE+q8jMmpf23YzAP5BX7hlPqc/Heee04PtjwF3qpQYogf+02VO/TxCf9geb19+ EHzUcDwKCAqyboihJHGvZF9RLJJUpomK6aMiu0uEKg8WIAu8LqnzLpPHSgqRay0vLN BSJ3knKTtPSf0g3VYXQSgHC1sk6foeHBQ+IimCok= Message-ID: <5576001B.6040806@micite.net> Date: Mon, 08 Jun 2015 22:50:35 +0200 From: Roland van Laar User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 MIME-Version: 1.0 To: freebsd-doc@freebsd.org Subject: Re: [Bug 199379] [PATCH] Update SSL key generation to today's standards. References: In-Reply-To: Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-doc@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Documentation project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Jun 2015 20:58:57 -0000 Hello, I submitted this patch almost 2 months back. It is a patch to help FreeBSD users generate secure SSL keys. What can I do to get this patch excepted? Regards, Roland On 11-04-15 16:50, bugzilla-noreply@freebsd.org wrote: > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199379 > > Bug ID: 199379 > Summary: [PATCH] Update SSL key generation to today's > standards. > Product: Documentation > Version: Latest > Hardware: Any > OS: Any > Status: New > Keywords: patch > Severity: Affects Only Me > Priority: --- > Component: Documentation > Assignee: freebsd-doc@FreeBSD.org > Reporter: roland@micite.net > Keywords: patch > > Created attachment 155478 > --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=155478&action=edit > Patch for openssl chapter in handbook. > > The current SSL key generation chapter contains a few inaccuracies and > the generated keys are not up to date with today's standards. > > This patch shows how to generate secure keys and includes a good place for more > information, namely the openssl cookbook. > > Mainly: > > - Use RSA for key generation, instead of DSA. > - Fix documentation that lied about generation an RSA key while it actually was > DSA. > - Use SHA256 for signatures instead of older SHA1: > http://blog.chromium.org/2014/09/gradually-sunsetting-sha-1.html > - Use recommended 2048 bits instead of 1024. >