tls: Stop hardcoding 2048 bit RSA key length

These are rejected as "too weak" by the "FUTURE" crypto policy. Let the tools decide about appropriate defaults rather. Thanks to Renaud Métrich for finding this! https://issues.redhat.com/browse/RHEL-78645
cockpit-project · Feb 11, 2025 · c3a64be · c3a64be
1 parent 3ea4f53
commit c3a64be
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/src/tls/cockpit-certificate-helper.in b/src/tls/cockpit-certificate-helper.in
@@ -30,7 +30,6 @@ install_key() {
 selfsign_sscg() {
     sscg --quiet \
         --lifetime "${DAYS}" \
-        --key-strength 2048 \
         --cert-key-file "${KEYFILE}" \
         --cert-file "${CERTFILE}" \
         --ca-file "${CA_FILE}" \
@@ -43,7 +42,7 @@ selfsign_sscg() {
 selfsign_openssl() {
     openssl req -x509 \
         -days "${DAYS}" \
-        -newkey rsa:2048 \
+        -newkey rsa \
         -keyout "${KEYFILE}" \
         -keyform PEM \
         -nodes \