problem is that some clients refuse to connect to servers that only offer
1024. For interoperability it would be best to just use 4096, but that
takes minutes, even on current hardware.
Creating a self-signed certificate and key:
$ openssl req -newkey rsa:2048 -x509 -keyout server-key.pem -out server-cert.pem -days 1461
Create DH parameters (optional):
- $ openssl dhparam -2 -out dhparams.pem 2048
+ $ openssl dhparam -2 -out dhparams.pem 4096
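Review bot: the README line changed here, `$ openssl dhparam -2 -out dhparams.pem 4096`, keeps the "(optional)" label but says nothing about run time, even though the commit message itself states that 4096-bit generation takes minutes on current hardware; a reader running this as a quick setup step may assume the command has hung. Add one sentence after the command noting that generation of a 4096-bit safe prime is expected to take several minutes, and why 2048 was not kept (the interoperability reason given in the commit message belongs in the document too, since the README is what users read).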
$ certtool --generate-privkey --bits 2048 --outfile server-key.pem
$ certtool --generate-self-signed --load-privkey server-key.pem --outfile server-cert.pem
Create DH parameters (optional):
- $ certtool --generate-dh-params --bits 2048 --outfile dhparams.pem
+ $ certtool --generate-dh-params --bits 4096 --outfile dhparams.pem
Alternate approach using stunnel(1)
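Review bot: the certtool line, `$ certtool --generate-dh-params --bits 4096 --outfile dhparams.pem`, hard-codes the same bit count as the openssl example, which keeps the two recipes consistent, but the same missing context applies: nothing tells the reader that this takes minutes. Consider also mentioning that certtool accepts `--sec-param` (for example `--sec-param=high`) as an alternative to `--bits`, which lets GnuTLS choose the current recommended size and keeps the README from going stale the next time the number is bumped.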
#include <unistd.h>
#include <gnutls/x509.h>
static gnutls_certificate_credentials_t x509_cred;
static gnutls_dh_params_t dh_params;