
Bug#598732: marked as done (/usr/share/ssl-cert/ssleay.cnf should use 2048 bits)



Your message dated Sat, 02 Oct 2010 13:02:43 +0000
with message-id <E1P21jf-0008QL-2B@franck.debian.org>
and subject line Bug#598732: fixed in ssl-cert 1.0.27
has caused the Debian Bug report #598732,
regarding /usr/share/ssl-cert/ssleay.cnf should use 2048 bits
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
598732: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598732
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: ssl-cert
Version: 1.0.26
Severity: normal

This is the shipped version of /usr/share/ssl-cert/ssleay.cnf, which
is used by make-ssl-cert to generate the default key and "snakeoil"
certificate.

-----------------
#
# SSLeay example configuration file.
#

RANDFILE                = /dev/urandom

[ req ]
default_bits            = 1024
default_keyfile         = privkey.pem
distinguished_name      = req_distinguished_name
prompt                  = no
policy                  = policy_anything

[ req_distinguished_name ]
commonName                      = @HostName@

--------------------------------

It should default to 2048 bits at least, not 1024.

 * many free software crypto tools are defaulting to 2048-bit keys now
   (e.g. OpenSSH, GnuPG)

 * NIST has recommended avoiding reliance on 1024-bit keys after the
   end of 2010

 * you can compare other comparable standards at http://keylength.com/

It would be a shame if squeeze shipped with this default set below
some common expectations of a key to last at least the lifetime of a
Debian release.

Thanks for maintaining ssl-cert!

       --dkg

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.36-rc5-686 (SMP w/1 CPU core)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages ssl-cert depends on:
ii  adduser                       3.112      add and remove users and groups
ii  debconf [debconf-2.0]         1.5.35     Debian configuration management sy
ii  openssl                       0.9.8o-2   Secure Socket Layer (SSL) binary a

ssl-cert recommends no packages.

Versions of packages ssl-cert suggests:
ii  openssl-blacklist             0.5-2      list of blacklisted OpenSSL RSA ke

-- debconf information excluded



--- End Message ---
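As an added example, not code from the bug report or from the ssl-cert package: a small Python audit of the quoted ssleay.cnf template. It parses OpenSSL's section/key syntax, flags a [req] default_bits below the 2048 the report asks for (or a missing one), and rewrites the value. The sample config is reconstructed from the report and the helper names are hypothetical.

```python
"""Audit the [req] section of an OpenSSL-style config such as
/usr/share/ssl-cert/ssleay.cnf for a weak default_bits value.
Hypothetical helpers, not part of ssl-cert."""
import re

MIN_BITS = 2048  # the minimum the bug report asks for

# Constructed sample: the 1.0.26 template quoted in the report.
SHIPPED_CNF = """\
# SSLeay example configuration file.
RANDFILE                = /dev/urandom

[ req ]
default_bits            = 1024
default_keyfile         = privkey.pem
distinguished_name      = req_distinguished_name
prompt                  = no
policy                  = policy_anything

[ req_distinguished_name ]
commonName                      = @HostName@
"""

def parse_cnf(text):
    """Parse OpenSSL's INI-like syntax into {section: {key: value}};
    keys before the first section header land in 'default'."""
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        header = re.match(r"^\[\s*(\S+)\s*\]$", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
            continue
        key, _, value = line.partition("=")
        sections[current][key.strip()] = value.strip()
    return sections

def audit_default_bits(text, minimum=MIN_BITS):
    """Return (bits, ok); a missing default_bits is reported as not ok
    so the caller does not silently inherit OpenSSL's built-in default."""
    req = parse_cnf(text).get("req", {})
    bits = int(req["default_bits"]) if "default_bits" in req else None
    return bits, bits is not None and bits >= minimum

def fixed_cnf(text, bits=MIN_BITS):
    """Rewrite the default_bits line to the requested key size."""
    return re.sub(r"(?m)^(default_bits\s*=\s*)\d+", rf"\g<1>{bits}", text)
```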
--- Begin Message ---
Source: ssl-cert
Source-Version: 1.0.27

We believe that the bug you reported is fixed in the latest version of
ssl-cert, which is due to be installed in the Debian FTP archive:

ssl-cert_1.0.27.dsc
  to main/s/ssl-cert/ssl-cert_1.0.27.dsc
ssl-cert_1.0.27.tar.gz
  to main/s/ssl-cert/ssl-cert_1.0.27.tar.gz
ssl-cert_1.0.27_all.deb
  to main/s/ssl-cert/ssl-cert_1.0.27_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 598732@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefan Fritsch <sf@debian.org> (supplier of updated ssl-cert package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 02 Oct 2010 14:46:52 +0200
Source: ssl-cert
Binary: ssl-cert
Architecture: source all
Version: 1.0.27
Distribution: unstable
Urgency: low
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description: 
 ssl-cert   - simple debconf wrapper for OpenSSL
Closes: 598732
Changes: 
 ssl-cert (1.0.27) unstable; urgency=low
 .
   * Make default key length 2048 bits. Closes: #598732
Checksums-Sha1: 
 e70fecd76315217405d32dacdf3dc4f30cd07796 940 ssl-cert_1.0.27.dsc
 0817bc99bf076128079c7f52be7d07a4eb1b5821 22217 ssl-cert_1.0.27.tar.gz
 5c2d5ce55924ed112622e57b37a9654b306fa5a7 14530 ssl-cert_1.0.27_all.deb
Checksums-Sha256: 
 61b9b73e0098d6ce0b2101abfea9a98141de9bda4cfe2e8a90fd2422e9642820 940 ssl-cert_1.0.27.dsc
 36366a9d425231cc831655ad869d0dd3429d72fecd1c88ca5086cb13b594daae 22217 ssl-cert_1.0.27.tar.gz
 b838cdf435ea04090d231af2c71647c21465706c5ef2991fc135e31ce42a12fa 14530 ssl-cert_1.0.27_all.deb
Files: 
 b85837fac352776293d4d25534982af4 940 utils optional ssl-cert_1.0.27.dsc
 1742940ade83ef1bf0536078ad9a3fc1 22217 utils optional ssl-cert_1.0.27.tar.gz
 b3f320c23b6ec67f0c47944eb62684eb 14530 utils optional ssl-cert_1.0.27_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMpyvSbxelr8HyTqQRAqtlAJ4gxBy+wmH0Bm0F8a+zQbTk0HNcOgCfYn9p
+TzmFhILAc8tCSuIUBKtU9U=
=gZFz
-----END PGP SIGNATURE-----



--- End Message ---
