-
由 Michal Privoznik 提交于
With the recent update of Fedora rawhide I've noticed virnettlssessiontest and virnettlscontexttest failing with: Our own certificate servercertreq-ctx.pem failed validation against cacertreq-ctx.pem: The certificate uses an insecure algorithm This is result of Fedora changes to support strong crypto [1]. RSA with 1024 bit key is viewed as legacy and thus insecure. Generate a new private key then. Moreover, switch to EC which is not only shorter but also not deprecated that often as RSA. Generated using the following command: openssl genpkey --outform PEM --out privkey.pem \ --algorithm EC --pkeyopt ec_paramgen_curve:P-384 \ --pkeyopt ec_param_enc:named_curve 1: https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
c3fa17cd