Message 324324 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	christian.heimes
Recipients	alex, christian.heimes, dstufft, janssen
Date	2018-08-29.14:17:16
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1535552236.3.0.56676864532.issue34542@psf.upfronthosting.co.za>
In-reply-to

Content
In bug #34399, I updated all RSA keys to 2048. However that not sufficient for future proof settings. Fedora's FUTURE crypto policy requires 3072bit RSA keys. Further more, I forgot to update the signature algorithm, too. * RSA >= 3072bits * finite field DH >= 3072bits * signature algorithm with SHA2-256 or SHA2-384 PKCSv1 #1.5 (I don't think RSASSA-PSS works with OpenSSL 1.0.2 or TLS < 1.0)

In bug #34399, I updated all RSA keys to 2048. However that not sufficient for future proof settings. Fedora's FUTURE crypto policy requires 3072bit RSA keys. Further more, I forgot to update the signature algorithm, too.

* RSA >= 3072bits
* finite field DH >= 3072bits
* signature algorithm with SHA2-256 or SHA2-384 PKCSv1 #1.5 (I don't think RSASSA-PSS works with OpenSSL 1.0.2 or TLS < 1.0)

History
Date	User	Action	Args
2018-08-29 14:17:16	christian.heimes	set	recipients: + christian.heimes, janssen, alex, dstufft
2018-08-29 14:17:16	christian.heimes	set	messageid: <1535552236.3.0.56676864532.issue34542@psf.upfronthosting.co.za>
2018-08-29 14:17:16	christian.heimes	link	issue34542 messages
2018-08-29 14:17:16	christian.heimes	create