diff options
| author | Emilia Kasper <emilia@openssl.org> | 2016-02-02 17:12:45 +0100 |
|---|---|---|
| committer | Emilia Kasper <emilia@openssl.org> | 2016-02-12 14:09:26 +0100 |
| commit | a76265574398944d686d2d0de9bacca162f555ca (patch) | |
| tree | e1c3f6030333197534147157bf56423b8fedc749 | |
| parent | 04f171c09624cd2e9c00152a30cb22637c694ac1 (diff) | |
| download | openssl-a76265574398944d686d2d0de9bacca162f555ca.tar.gz | |
RT 3854: Update apps/req
Change the default keysize to 2048 bits, and the minimum to 512 bits.
Reviewed-by: Rich Salz <rsalz@openssl.org>
| -rw-r--r-- | apps/req.c | 4 | ||||
| -rw-r--r-- | doc/apps/req.pod | 9 |
2 files changed, 8 insertions, 5 deletions
diff --git a/apps/req.c b/apps/req.c index 3ced1706f0..66bcabcdac 100644 --- a/apps/req.c +++ b/apps/req.c @@ -89,8 +89,8 @@ #define STRING_MASK "string_mask" #define UTF8_IN "utf8" -#define DEFAULT_KEY_LENGTH 512 -#define MIN_KEY_LENGTH 384 +#define DEFAULT_KEY_LENGTH 2048 +#define MIN_KEY_LENGTH 512 static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *dn, int mutlirdn, int attribs, unsigned long chtype); diff --git a/doc/apps/req.pod b/doc/apps/req.pod index 9593dec2d5..12a0687a8a 100644 --- a/doc/apps/req.pod +++ b/doc/apps/req.pod @@ -324,9 +324,12 @@ configuration file values. =item B<default_bits> -This specifies the default key size in bits. If not specified then -512 is used. It is used if the B<-new> option is used. It can be -overridden by using the B<-newkey> option. +Specifies the default key size in bits. + +This option is used in conjunction with the B<-new> option to generate +a new key. It can be overridden by specifying an explicit key size in +the B<-newkey> option. The smallest accepted key size is 512 bits. If +no key size is specified then 2048 bits is used. =item B<default_keyfile> |