-
Notifications
You must be signed in to change notification settings - Fork 30.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
test: use 2048 bit RSA keys #44498
test: use 2048 bit RSA keys #44498
Conversation
Are you planning to update certs and keys in a follow-up PR? |
@lpinca Just realized that these were comitted too, done |
ccdd394
to
814ebc5
Compare
@lpinca This turned to be much more laborious that I previously thought so I scaled it back to simply replacing all 1024 bit keys with 2048 bit keys, I am leaving the 2048->4096 transition to the next unlucky soul because there is a list of hard-coded test vectors produced with another crypto system meant for testing compatibility. There is also the DH512 keys which have been blocked (?) because of the logjam attack, I will do them separately |
bdd42cc
to
a27d6ae
Compare
|
* chore: upgrade to Node.js v20 * src: allow embedders to override NODE_MODULE_VERSION nodejs/node#49279 * src: fix missing trailing , nodejs/node#46909 * src,tools: initialize cppgc nodejs/node#45704 * tools: allow passing absolute path of config.gypi in js2c nodejs/node#49162 * tools: port js2c.py to C++ nodejs/node#46997 * doc,lib: disambiguate the old term, NativeModule nodejs/node#45673 * chore: fixup Node.js BSSL tests * nodejs/node#49492 * nodejs/node#44498 * deps: upgrade to libuv 1.45.0 nodejs/node#48078 * deps: update V8 to 10.7 nodejs/node#44741 * test: use gcUntil() in test-v8-serialize-leak nodejs/node#49168 * module: make CJS load from ESM loader nodejs/node#47999 * src: make BuiltinLoader threadsafe and non-global nodejs/node#45942 * chore: address changes to CJS/ESM loading * module: make CJS load from ESM loader (nodejs/node#47999) * lib: improve esm resolve performance (nodejs/node#46652) * bootstrap: optimize modules loaded in the built-in snapshot nodejs/node#45849 * test: mark test-runner-output as flaky nodejs/node#49854 * lib: lazy-load deps in modules/run_main.js nodejs/node#45849 * url: use private properties for brand check nodejs/node#46904 * test: refactor `test-node-output-errors` nodejs/node#48992 * assert: deprecate callTracker nodejs/node#47740 * src: cast v8::Object::GetInternalField() return value to v8::Value nodejs/node#48943 * test: adapt test-v8-stats for V8 update nodejs/node#45230 * tls: ensure TLS Sockets are closed if the underlying wrap closes nodejs/node#49327 * test: deflake test-tls-socket-close nodejs/node#49575 * net: fix crash due to simultaneous close/shutdown on JS Stream Sockets nodejs/node#49400 * net: use asserts in JS Socket Stream to catch races in future nodejs/node#49400 * lib: fix BroadcastChannel initialization location nodejs/node#46864 * src: create BaseObject with node::Realm nodejs/node#44348 * src: implement DataQueue and non-memory resident Blob nodejs/node#45258 * sea: add support for V8 bytecode-only caching nodejs/node#48191 * chore: fixup patch indices * gyp: put filenames in variables nodejs/node#46965 * build: modify js2c.py into GN executable * fix: (WIP) handle string replacement of fs -> original-fs * [v20.x] backport vm-related memory fixes nodejs/node#49874 * src: make BuiltinLoader threadsafe and non-global nodejs/node#45942 * src: avoid copying string in fs_permission nodejs/node#47746 * look upon my works ye mighty and dispair * chore: patch cleanup * [api] Remove AllCan Read/Write https://chromium-review.googlesource.com/c/v8/v8/+/5006387 * fix: missing include for NODE_EXTERN * chore: fixup patch indices * fix: fail properly when js2c fails in Node.js * build: fix js2c root_gen_dir * fix: lib/fs.js -> lib/original-fs.js * build: fix original-fs file xforms * fixup! module: make CJS load from ESM loader * build: get rid of CppHeap for now * build: add patch to prevent extra fs lookup on esm load * build: greatly simplify js2c modifications Moves our original-fs modifications back into a super simple python script action, wires up the output of that action into our call to js2c * chore: update to handle moved internal/modules/helpers file * test: update @types/node test * feat: enable preventing cppgc heap creation * feat: optionally prevent calling V8::EnableWebAssemblyTrapHandler * fix: no cppgc initialization in the renderer * gyp: put filenames in variables nodejs/node#46965 * test: disable single executable tests * fix: nan tests failing on node headers missing file * tls,http2: send fatal alert on ALPN mismatch nodejs/node#44031 * test: disable snapshot tests * nodejs/node#47887 * nodejs/node#49684 * nodejs/node#44193 * build: use deps/v8 for v8/tools Node.js hard depends on these in their builtins * test: fix edge snapshot stack traces nodejs/node#49659 * build: remove js2c //base dep * build: use electron_js2c_toolchain to build node_js2c * fix: don't create SafeSet outside packageResolve Fixes failure in parallel/test-require-delete-array-iterator: === release test-require-delete-array-iterator === Path: parallel/test-require-delete-array-iterator node:internal/per_context/primordials:426 constructor(i) { super(i); } // eslint-disable-line no-useless-constructor ^ TypeError: object is not iterable (cannot read property Symbol(Symbol.iterator)) at new Set (<anonymous>) at new SafeSet (node:internal/per_context/primordials:426:22) * fix: failing crashReporter tests on Linux These were failing because our change from node::InitializeNodeWithArgs to node::InitializeOncePerProcess meant that we now inadvertently called PlatformInit, which reset signal handling. This meant that our intentional crash function ElectronBindings::Crash no longer worked and the renderer process no longer crashed when process.crash() was called. We don't want to use Node.js' default signal handling in the renderer process, so we disable it by passing kNoDefaultSignalHandling to node::InitializeOncePerProcess. * build: only create cppgc heap on non-32 bit platforms * chore: clean up util:CompileAndCall * src: fix compatility with upcoming V8 12.1 APIs nodejs/node#50709 * fix: use thread_local BuiltinLoader * chore: fixup v8 patch indices --------- Co-authored-by: Keeley Hammond <[email protected]> Co-authored-by: Samuel Attard <[email protected]>
* chore: upgrade to Node.js v20 * src: allow embedders to override NODE_MODULE_VERSION nodejs/node#49279 * src: fix missing trailing , nodejs/node#46909 * src,tools: initialize cppgc nodejs/node#45704 * tools: allow passing absolute path of config.gypi in js2c nodejs/node#49162 * tools: port js2c.py to C++ nodejs/node#46997 * doc,lib: disambiguate the old term, NativeModule nodejs/node#45673 * chore: fixup Node.js BSSL tests * nodejs/node#49492 * nodejs/node#44498 * deps: upgrade to libuv 1.45.0 nodejs/node#48078 * deps: update V8 to 10.7 nodejs/node#44741 * test: use gcUntil() in test-v8-serialize-leak nodejs/node#49168 * module: make CJS load from ESM loader nodejs/node#47999 * src: make BuiltinLoader threadsafe and non-global nodejs/node#45942 * chore: address changes to CJS/ESM loading * module: make CJS load from ESM loader (nodejs/node#47999) * lib: improve esm resolve performance (nodejs/node#46652) * bootstrap: optimize modules loaded in the built-in snapshot nodejs/node#45849 * test: mark test-runner-output as flaky nodejs/node#49854 * lib: lazy-load deps in modules/run_main.js nodejs/node#45849 * url: use private properties for brand check nodejs/node#46904 * test: refactor `test-node-output-errors` nodejs/node#48992 * assert: deprecate callTracker nodejs/node#47740 * src: cast v8::Object::GetInternalField() return value to v8::Value nodejs/node#48943 * test: adapt test-v8-stats for V8 update nodejs/node#45230 * tls: ensure TLS Sockets are closed if the underlying wrap closes nodejs/node#49327 * test: deflake test-tls-socket-close nodejs/node#49575 * net: fix crash due to simultaneous close/shutdown on JS Stream Sockets nodejs/node#49400 * net: use asserts in JS Socket Stream to catch races in future nodejs/node#49400 * lib: fix BroadcastChannel initialization location nodejs/node#46864 * src: create BaseObject with node::Realm nodejs/node#44348 * src: implement DataQueue and non-memory resident Blob nodejs/node#45258 * sea: add support for V8 bytecode-only caching nodejs/node#48191 * chore: fixup patch indices * gyp: put filenames in variables nodejs/node#46965 * build: modify js2c.py into GN executable * fix: (WIP) handle string replacement of fs -> original-fs * [v20.x] backport vm-related memory fixes nodejs/node#49874 * src: make BuiltinLoader threadsafe and non-global nodejs/node#45942 * src: avoid copying string in fs_permission nodejs/node#47746 * look upon my works ye mighty and dispair * chore: patch cleanup * [api] Remove AllCan Read/Write https://chromium-review.googlesource.com/c/v8/v8/+/5006387 * fix: missing include for NODE_EXTERN * chore: fixup patch indices * fix: fail properly when js2c fails in Node.js * build: fix js2c root_gen_dir * fix: lib/fs.js -> lib/original-fs.js * build: fix original-fs file xforms * fixup! module: make CJS load from ESM loader * build: get rid of CppHeap for now * build: add patch to prevent extra fs lookup on esm load * build: greatly simplify js2c modifications Moves our original-fs modifications back into a super simple python script action, wires up the output of that action into our call to js2c * chore: update to handle moved internal/modules/helpers file * test: update @types/node test * feat: enable preventing cppgc heap creation * feat: optionally prevent calling V8::EnableWebAssemblyTrapHandler * fix: no cppgc initialization in the renderer * gyp: put filenames in variables nodejs/node#46965 * test: disable single executable tests * fix: nan tests failing on node headers missing file * tls,http2: send fatal alert on ALPN mismatch nodejs/node#44031 * test: disable snapshot tests * nodejs/node#47887 * nodejs/node#49684 * nodejs/node#44193 * build: use deps/v8 for v8/tools Node.js hard depends on these in their builtins * test: fix edge snapshot stack traces nodejs/node#49659 * build: remove js2c //base dep * build: use electron_js2c_toolchain to build node_js2c * fix: don't create SafeSet outside packageResolve Fixes failure in parallel/test-require-delete-array-iterator: === release test-require-delete-array-iterator === Path: parallel/test-require-delete-array-iterator node:internal/per_context/primordials:426 constructor(i) { super(i); } // eslint-disable-line no-useless-constructor ^ TypeError: object is not iterable (cannot read property Symbol(Symbol.iterator)) at new Set (<anonymous>) at new SafeSet (node:internal/per_context/primordials:426:22) * fix: failing crashReporter tests on Linux These were failing because our change from node::InitializeNodeWithArgs to node::InitializeOncePerProcess meant that we now inadvertently called PlatformInit, which reset signal handling. This meant that our intentional crash function ElectronBindings::Crash no longer worked and the renderer process no longer crashed when process.crash() was called. We don't want to use Node.js' default signal handling in the renderer process, so we disable it by passing kNoDefaultSignalHandling to node::InitializeOncePerProcess. * build: only create cppgc heap on non-32 bit platforms * chore: clean up util:CompileAndCall * src: fix compatility with upcoming V8 12.1 APIs nodejs/node#50709 * fix: use thread_local BuiltinLoader * chore: fixup v8 patch indices --------- Co-authored-by: Keeley Hammond <[email protected]> Co-authored-by: Samuel Attard <[email protected]>
Refs: nodejs#44498 Refs: nodejs#53382 Key sizes were increased to 2048 in PR 44498 including the configuration file for the generation of ca2-cert.pem. However, it seems like updating ca2-cert.pem and related files themselves were missed as they were not updated in the PR and the ca2-cert.pem reported as being associated with a 1024 bit key. I believe that was the cause of some of the failures mentioned in nodejs#53382 as OpenSSL 3.2 increased the default security level from 1 to 2 and that would mean that certificates associated with keys of 1024 bits would no longer be accepted. This PR updates the key size for ca2-cert.pem. It was not necessary to change the config, only run the generation for the ca2-cert.pem and related files. Signed-off-by: Michael Dawson <[email protected]>
Refs: #44498 Refs: #53382 Key sizes were increased to 2048 in PR 44498 including the configuration file for the generation of ca2-cert.pem. However, it seems like updating ca2-cert.pem and related files themselves were missed as they were not updated in the PR and the ca2-cert.pem reported as being associated with a 1024 bit key. I believe that was the cause of some of the failures mentioned in #53382 as OpenSSL 3.2 increased the default security level from 1 to 2 and that would mean that certificates associated with keys of 1024 bits would no longer be accepted. This PR updates the key size for ca2-cert.pem. It was not necessary to change the config, only run the generation for the ca2-cert.pem and related files. Signed-off-by: Michael Dawson <[email protected]> PR-URL: #54599 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: James M Snell <[email protected]>
Refs: #44498 Refs: #53382 Key sizes were increased to 2048 in PR 44498 including the configuration file for the generation of ca2-cert.pem. However, it seems like updating ca2-cert.pem and related files themselves were missed as they were not updated in the PR and the ca2-cert.pem reported as being associated with a 1024 bit key. I believe that was the cause of some of the failures mentioned in #53382 as OpenSSL 3.2 increased the default security level from 1 to 2 and that would mean that certificates associated with keys of 1024 bits would no longer be accepted. This PR updates the key size for ca2-cert.pem. It was not necessary to change the config, only run the generation for the ca2-cert.pem and related files. Signed-off-by: Michael Dawson <[email protected]> PR-URL: #54599 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: James M Snell <[email protected]>
Refs: #44498 Refs: #53382 Key sizes were increased to 2048 in PR 44498 including the configuration file for the generation of ca2-cert.pem. However, it seems like updating ca2-cert.pem and related files themselves were missed as they were not updated in the PR and the ca2-cert.pem reported as being associated with a 1024 bit key. I believe that was the cause of some of the failures mentioned in #53382 as OpenSSL 3.2 increased the default security level from 1 to 2 and that would mean that certificates associated with keys of 1024 bits would no longer be accepted. This PR updates the key size for ca2-cert.pem. It was not necessary to change the config, only run the generation for the ca2-cert.pem and related files. Signed-off-by: Michael Dawson <[email protected]> PR-URL: #54599 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: James M Snell <[email protected]>
Refs: #44498 Refs: #53382 Key sizes were increased to 2048 in PR 44498 including the configuration file for the generation of ca2-cert.pem. However, it seems like updating ca2-cert.pem and related files themselves were missed as they were not updated in the PR and the ca2-cert.pem reported as being associated with a 1024 bit key. I believe that was the cause of some of the failures mentioned in #53382 as OpenSSL 3.2 increased the default security level from 1 to 2 and that would mean that certificates associated with keys of 1024 bits would no longer be accepted. This PR updates the key size for ca2-cert.pem. It was not necessary to change the config, only run the generation for the ca2-cert.pem and related files. Signed-off-by: Michael Dawson <[email protected]> PR-URL: #54599 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: James M Snell <[email protected]>
Refs: nodejs#44498 Refs: nodejs#53382 Key sizes were increased to 2048 in PR 44498 including the configuration file for the generation of ca2-cert.pem. However, it seems like updating ca2-cert.pem and related files themselves were missed as they were not updated in the PR and the ca2-cert.pem reported as being associated with a 1024 bit key. I believe that was the cause of some of the failures mentioned in nodejs#53382 as OpenSSL 3.2 increased the default security level from 1 to 2 and that would mean that certificates associated with keys of 1024 bits would no longer be accepted. This PR updates the key size for ca2-cert.pem. It was not necessary to change the config, only run the generation for the ca2-cert.pem and related files. Signed-off-by: Michael Dawson <[email protected]> PR-URL: nodejs#54599 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: James M Snell <[email protected]>
Refs: #44498 Refs: #53382 Key sizes were increased to 2048 in PR 44498 including the configuration file for the generation of ca2-cert.pem. However, it seems like updating ca2-cert.pem and related files themselves were missed as they were not updated in the PR and the ca2-cert.pem reported as being associated with a 1024 bit key. I believe that was the cause of some of the failures mentioned in #53382 as OpenSSL 3.2 increased the default security level from 1 to 2 and that would mean that certificates associated with keys of 1024 bits would no longer be accepted. This PR updates the key size for ca2-cert.pem. It was not necessary to change the config, only run the generation for the ca2-cert.pem and related files. Signed-off-by: Michael Dawson <[email protected]> PR-URL: #54599 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: James M Snell <[email protected]>
Refs: #44498 Refs: #53382 Key sizes were increased to 2048 in PR 44498 including the configuration file for the generation of ca2-cert.pem. However, it seems like updating ca2-cert.pem and related files themselves were missed as they were not updated in the PR and the ca2-cert.pem reported as being associated with a 1024 bit key. I believe that was the cause of some of the failures mentioned in #53382 as OpenSSL 3.2 increased the default security level from 1 to 2 and that would mean that certificates associated with keys of 1024 bits would no longer be accepted. This PR updates the key size for ca2-cert.pem. It was not necessary to change the config, only run the generation for the ca2-cert.pem and related files. Signed-off-by: Michael Dawson <[email protected]> PR-URL: #54599 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: James M Snell <[email protected]>
Refs: nodejs#44498 Refs: nodejs#53382 Key sizes were increased to 2048 in PR 44498 including the configuration file for the generation of ca2-cert.pem. However, it seems like updating ca2-cert.pem and related files themselves were missed as they were not updated in the PR and the ca2-cert.pem reported as being associated with a 1024 bit key. I believe that was the cause of some of the failures mentioned in nodejs#53382 as OpenSSL 3.2 increased the default security level from 1 to 2 and that would mean that certificates associated with keys of 1024 bits would no longer be accepted. This PR updates the key size for ca2-cert.pem. It was not necessary to change the config, only run the generation for the ca2-cert.pem and related files. Signed-off-by: Michael Dawson <[email protected]> PR-URL: nodejs#54599 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: James M Snell <[email protected]>
Refs: #44498 Refs: #53382 Key sizes were increased to 2048 in PR 44498 including the configuration file for the generation of ca2-cert.pem. However, it seems like updating ca2-cert.pem and related files themselves were missed as they were not updated in the PR and the ca2-cert.pem reported as being associated with a 1024 bit key. I believe that was the cause of some of the failures mentioned in #53382 as OpenSSL 3.2 increased the default security level from 1 to 2 and that would mean that certificates associated with keys of 1024 bits would no longer be accepted. This PR updates the key size for ca2-cert.pem. It was not necessary to change the config, only run the generation for the ca2-cert.pem and related files. Signed-off-by: Michael Dawson <[email protected]> PR-URL: #54599 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: James M Snell <[email protected]>
Refs: nodejs#44498 Refs: nodejs#53382 Key sizes were increased to 2048 in PR 44498 including the configuration file for the generation of ca2-cert.pem. However, it seems like updating ca2-cert.pem and related files themselves were missed as they were not updated in the PR and the ca2-cert.pem reported as being associated with a 1024 bit key. I believe that was the cause of some of the failures mentioned in nodejs#53382 as OpenSSL 3.2 increased the default security level from 1 to 2 and that would mean that certificates associated with keys of 1024 bits would no longer be accepted. This PR updates the key size for ca2-cert.pem. It was not necessary to change the config, only run the generation for the ca2-cert.pem and related files. Signed-off-by: Michael Dawson <[email protected]> PR-URL: nodejs#54599 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: James M Snell <[email protected]>
since 1024 is already deprecated by OpenSSL and causes "too small key" issues on systems enforcing a minimum size. Similar issue here: nodejs/node#44498 The minimum key size is not yet changed from 1024, this will require more effort for deprecation. BUG=webrtc:364338811 Change-Id: Id4b24a2c289ec5e3f112288d32b8ac697ba1cfed Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/361128 Reviewed-by: David Benjamin <[email protected]> Reviewed-by: Harald Alvestrand <[email protected]> Commit-Queue: Philipp Hancke <[email protected]> Cr-Commit-Position: refs/heads/main@{#43110}
Refs: #44498 Refs: #53382 Key sizes were increased to 2048 in PR 44498 including the configuration file for the generation of ca2-cert.pem. However, it seems like updating ca2-cert.pem and related files themselves were missed as they were not updated in the PR and the ca2-cert.pem reported as being associated with a 1024 bit key. I believe that was the cause of some of the failures mentioned in #53382 as OpenSSL 3.2 increased the default security level from 1 to 2 and that would mean that certificates associated with keys of 1024 bits would no longer be accepted. This PR updates the key size for ca2-cert.pem. It was not necessary to change the config, only run the generation for the ca2-cert.pem and related files. Signed-off-by: Michael Dawson <[email protected]> PR-URL: #54599 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: James M Snell <[email protected]>
Refs: nodejs#44498 Refs: nodejs#53382 Key sizes were increased to 2048 in PR 44498 including the configuration file for the generation of ca2-cert.pem. However, it seems like updating ca2-cert.pem and related files themselves were missed as they were not updated in the PR and the ca2-cert.pem reported as being associated with a 1024 bit key. I believe that was the cause of some of the failures mentioned in nodejs#53382 as OpenSSL 3.2 increased the default security level from 1 to 2 and that would mean that certificates associated with keys of 1024 bits would no longer be accepted. This PR updates the key size for ca2-cert.pem. It was not necessary to change the config, only run the generation for the ca2-cert.pem and related files. Signed-off-by: Michael Dawson <[email protected]> PR-URL: nodejs#54599 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: James M Snell <[email protected]>
Refs: nodejs#44498 Refs: nodejs#53382 Key sizes were increased to 2048 in PR 44498 including the configuration file for the generation of ca2-cert.pem. However, it seems like updating ca2-cert.pem and related files themselves were missed as they were not updated in the PR and the ca2-cert.pem reported as being associated with a 1024 bit key. I believe that was the cause of some of the failures mentioned in nodejs#53382 as OpenSSL 3.2 increased the default security level from 1 to 2 and that would mean that certificates associated with keys of 1024 bits would no longer be accepted. This PR updates the key size for ca2-cert.pem. It was not necessary to change the config, only run the generation for the ca2-cert.pem and related files. Signed-off-by: Michael Dawson <[email protected]> PR-URL: nodejs#54599 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: James M Snell <[email protected]>
Upstream commit: https://webrtc.googlesource.com/src/+/d79a1859e058b6a030177b24ed8e4bb14525af79 ssl: increase default RSA key size to 2048 bits since 1024 is already deprecated by OpenSSL and causes "too small key" issues on systems enforcing a minimum size. Similar issue here: nodejs/node#44498 The minimum key size is not yet changed from 1024, this will require more effort for deprecation. BUG=webrtc:364338811 Change-Id: Id4b24a2c289ec5e3f112288d32b8ac697ba1cfed Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/361128 Reviewed-by: David Benjamin <[email protected]> Reviewed-by: Harald Alvestrand <[email protected]> Commit-Queue: Philipp Hancke <[email protected]> Cr-Commit-Position: refs/heads/main@{#43110}
Upstream commit: https://webrtc.googlesource.com/src/+/d79a1859e058b6a030177b24ed8e4bb14525af79 ssl: increase default RSA key size to 2048 bits since 1024 is already deprecated by OpenSSL and causes "too small key" issues on systems enforcing a minimum size. Similar issue here: nodejs/node#44498 The minimum key size is not yet changed from 1024, this will require more effort for deprecation. BUG=webrtc:364338811 Change-Id: Id4b24a2c289ec5e3f112288d32b8ac697ba1cfed Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/361128 Reviewed-by: David Benjamin <davidbenwebrtc.org> Reviewed-by: Harald Alvestrand <htawebrtc.org> Commit-Queue: Philipp Hancke <phanckemeta.com> Cr-Commit-Position: refs/heads/main{#43110} UltraBlame original commit: a674447f7a1f2d87718780cf2311b324c10f5384
Upstream commit: https://webrtc.googlesource.com/src/+/d79a1859e058b6a030177b24ed8e4bb14525af79 ssl: increase default RSA key size to 2048 bits since 1024 is already deprecated by OpenSSL and causes "too small key" issues on systems enforcing a minimum size. Similar issue here: nodejs/node#44498 The minimum key size is not yet changed from 1024, this will require more effort for deprecation. BUG=webrtc:364338811 Change-Id: Id4b24a2c289ec5e3f112288d32b8ac697ba1cfed Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/361128 Reviewed-by: David Benjamin <davidbenwebrtc.org> Reviewed-by: Harald Alvestrand <htawebrtc.org> Commit-Queue: Philipp Hancke <phanckemeta.com> Cr-Commit-Position: refs/heads/main{#43110} UltraBlame original commit: a674447f7a1f2d87718780cf2311b324c10f5384
Upstream commit: https://webrtc.googlesource.com/src/+/d79a1859e058b6a030177b24ed8e4bb14525af79 ssl: increase default RSA key size to 2048 bits since 1024 is already deprecated by OpenSSL and causes "too small key" issues on systems enforcing a minimum size. Similar issue here: nodejs/node#44498 The minimum key size is not yet changed from 1024, this will require more effort for deprecation. BUG=webrtc:364338811 Change-Id: Id4b24a2c289ec5e3f112288d32b8ac697ba1cfed Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/361128 Reviewed-by: David Benjamin <davidbenwebrtc.org> Reviewed-by: Harald Alvestrand <htawebrtc.org> Commit-Queue: Philipp Hancke <phanckemeta.com> Cr-Commit-Position: refs/heads/main{#43110} UltraBlame original commit: a674447f7a1f2d87718780cf2311b324c10f5384
Upstream commit: https://webrtc.googlesource.com/src/+/d79a1859e058b6a030177b24ed8e4bb14525af79 ssl: increase default RSA key size to 2048 bits since 1024 is already deprecated by OpenSSL and causes "too small key" issues on systems enforcing a minimum size. Similar issue here: nodejs/node#44498 The minimum key size is not yet changed from 1024, this will require more effort for deprecation. BUG=webrtc:364338811 Change-Id: Id4b24a2c289ec5e3f112288d32b8ac697ba1cfed Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/361128 Reviewed-by: David Benjamin <[email protected]> Reviewed-by: Harald Alvestrand <[email protected]> Commit-Queue: Philipp Hancke <[email protected]> Cr-Commit-Position: refs/heads/main@{#43110}
OpenSSL now requires at least 2048
Refs: #44497