Netgate Discussion Forum

Increasing default SSL key size

2.1 Snapshot Feedback and Problems - RETIRED
  • Nadrek
    last edited by Jun 15, 2012, 3:00 AM

    For those working at least in the United States in certain regulated industries, the NIST SP800-131A document's regulations are extremely important. Being able to answer an auditor with a flat "No, we have never had a certificate on the network or on the premises that does not meet NIST SP800-131A requirements" is valuable; you don't have to waste time explaining the exceptions: "Well, it was a default configuration on a new firewall, and we changed it immediately. Yes, it was plugged into the core switch. No, no one else got into it. Yes, here's a copy of the logs from the time we turned it on until the time the certificate was changed. Yes, here's the documentation of the approval."

    As others have said, upgrading OpenSSL to 1.0.x and getting TLS 1.1/1.2 available would also be very welcome.

    • NOYB
      last edited by Jun 15, 2012, 5:07 AM

      Yup.  There is really no good reason for rolling out version after version of down rev’d and out of date product.

      If people can't deal with upgrading then they can stay on the previous existing rev they are currently running. Placating the lowest common denominator at the expense of everyone is just bad dogma.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.