Date: Mon, 28 Jul 2014 22:39:50 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-doc@FreeBSD.org Subject: [Bug 192225] New: Updates and corrections to OpenSSL section of the Handbook (14.6.1) Message-ID: <bug-192225-9@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192225 Bug ID: 192225 Summary: Updates and corrections to OpenSSL section of the Handbook (14.6.1) Product: Documentation Version: Latest Hardware: Any OS: Any Status: Needs Triage Severity: Affects Many People Priority: Normal Component: Documentation Assignee: freebsd-doc@FreeBSD.org Reporter: rsimmons0@gmail.com Created attachment 145107 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=145107&action=edit diff with corrections The attached patch addresses the following items: 1) Minimum of 2048 bit keys are now recommended, with 1024 bit being deprecated. 2) RSA or ECDSA are preferred over DSA, so the example now uses RSA. 3) Key, request, and certificate file names are all now consistent. 4) The self signed cert instructions are clearer with just two steps, and are in line with the instructions in OpenSSL's documentation. 5) Key generation step changed to use the currently preferred genpkey (in line with the man page's notes that other commands have been obsoleted/superseded by genpkey). 6) Added a step to create an empty key file with proper permissions before key creation. The way the key was being generated before left a possibly world readable private key file on the file system for a period of time until the user changes the permissions with chmod. 7) Fixed a typo in the recommended permissions from 0700 to 0600. There's no need to set this as executable. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-192225-9>