Increasing default SSL key size
-
For those working at least in the United States in certain regulated industries, the NIST SP800-131A document's regulations are extremely important. Being able to answer an auditor with a flat "No, we have never had a certificate on the network or on the premises that does not meet NIST SP800-131A requirements" is valuable; you don't have to waste time explaining the exceptions, "Well, it was a default configuration on a new firewall, and we changed it immediately. Yes, it was plugged into the core switch. No, no-one else got into it. Yes, here's a copy of the logs from the time we turned it on until the time the certificate was changed. Yes, here's the documentation of the approval."
As others have said, upgrading OpenSSL to 1.0.x and getting TLS 1.1/1.2 available would also be very welcome.
-
Yup. There is really no good reason for rolling out version after version of down rev’d and out of date product.
If people can't deal with upgrading then they can stay on the previous existing rev they are currently running. Placating the lowest common denominator at the expense of everyone is just bad dogma.