Netgate Discussion Forum

    Increasing default SSL key size

    2.1 Snapshot Feedback and Problems - RETIRED
      Nadrek

      For those working at least in the United States in certain regulated industries, the NIST SP800-131A document's regulations are extremely important.  Being able to answer an auditor with a flat "No, we have never had a certificate on the network or on the premises that does not meet NIST SP800-131A requirements" is valuable; you don't have to waste time explaining the exceptions, "Well, it was a default configuration on a new firewall, and we changed it immediately.  Yes, it was plugged into the core switch.  No, no-one else got into it.  Yes, here's a copy of the logs from the time we turned it on until the time the certificate was changed.  Yes, here's the documentation of the approval."

      As others have said, upgrading OpenSSL to 1.0.x and getting TLS 1.1/1.2 available would also be very welcome.

        NOYB

        Yup.  There is really no good reason for rolling out version after version of down rev’d and out of date product.

        If people can't deal with upgrading then they can stay on the previous existing rev they are currently running.  Placating the lowest common denominator at the expense of everyone is just bad dogma.
