Use 2048-bit RSA key to make pixelserv-tls work on Debian 10 "Buster" #28
I recently upgraded to Debian 10 "Buster" and pixelserv-tls wouldn't work anymore.
The cryptic error messages in the log (debug level 4) read:
After hacking around in cert.c and making the real SSL error messages appear if
I received the following error:
which led me to improve my ca.key generation line in my setup script to
Unfortunately, the error wouldn't go away. I then realized that the key length is also hardcoded in cert.c:
Once I changed this to 2048, everything is working fine again.
Thanks for patching
Just to add this is also going to be an issue for macOS 10.15 and iOS 13 clients due to new enforcement rules.
"TLS server certificates and issuing CAs using RSA keys must use key sizes greater than or equal to 2048 bits. Certificates using RSA key sizes smaller than 2048 bits are no longer trusted for TLS."
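A quick audit for the 2048-bit requirement discussed in this thread, as an added example that is not part of the pull request or of pixelserv-tls: it reads each certificate with the `openssl` command-line tool and flags RSA keys below the minimum. The function names, the temporary paths and the throwaway demo certificates are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag certificates whose RSA key is below the 2048-bit minimum.
MIN_RSA_BITS=2048

# Print "<public-key-algorithm> <bits>" for a PEM certificate (empty if unreadable).
cert_key_info() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | awk '
        /Public Key Algorithm:/ { alg = $NF }
        /Public-Key: \(/        { gsub(/[^0-9]/, ""); bits = $0 }
        END { if (alg != "" && bits != "") print alg, bits }'
}

# Return 0 if acceptable, 1 if the RSA key is too small, 2 if the file cannot
# be parsed. Only RSA keys are size-checked; other algorithms are reported as OK.
check_cert() {
    local info alg bits
    info=$(cert_key_info "$1")
    if [ -z "$info" ]; then echo "UNREADABLE $1"; return 2; fi
    alg=${info% *}
    bits=${info#* }
    if [ "$alg" = "rsaEncryption" ] && [ "$bits" -lt "$MIN_RSA_BITS" ]; then
        echo "WEAK $1: RSA $bits bits (< $MIN_RSA_BITS)"
        return 1
    fi
    echo "OK $1: $alg $bits bits"
}

# Constructed sample input: a throwaway self-signed certificate with an RSA key of $1 bits.
make_demo_cert() {
    openssl req -x509 -newkey "rsa:$1" -nodes -keyout "$2.key" -out "$2" \
        -subj "/CN=demo-$1.example" -days 1 2>/dev/null
}

# Generate one 1024-bit and one 2048-bit certificate and audit both.
demo() {
    local dir
    dir=$(mktemp -d) || return 2
    make_demo_cert 1024 "$dir/old-ca.pem"
    make_demo_cert 2048 "$dir/new-ca.pem"
    for pem in "$dir"/*.pem; do
        check_cert "$pem" || echo "  -> regenerate with an RSA key of at least $MIN_RSA_BITS bits"
    done
    rm -rf "$dir"
}

demo
```

Point `check_cert` at the CA certificate and at the generated server certificates alike, since the rule quoted above applies to both.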