-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CA certificate not up to date #661
Comments
Openssl 1.1.1 does not considere 1024bit RSA key as secure. So this changes the generate key size to 2048 Closes: mock-server#661
Openssl 1.1.1 does not considere 1024bit RSA key as secure. So this changes the generate key size to 2048 Closes: mock-server#661
Openssl 1.1.1 does not considere 1024bit RSA key as secure. So this patch changes the generated key size to 2048 Closes: mock-server#661
Openssl 1.1.1 does not considere 1024bit RSA key as secure. So this patch changes the generated key size to 2048 Closes: #661
Files https://github.com/mock-server/mockserver/tree/master/mockserver-core/src/main/resources/org/mockserver/socket is not up to date. I am getting ERR_CERT_WEAK_KEY |
I will update these files prior to doing the next release otherwise I'll break the current released version of MockServer. The new release will include new logic to generate certificates that don't rely on the good but massively over-bloated bouncy castle. I've added a note to this backlog item to update the certs https://trello.com/c/tsJDyFuy/80-replace-bouncy-castle-with-java-8-jdk-approach-for-dynamic-certs |
@ondro2208 actually I was wrong those files don't need to be updated, can you provide more detail on your ERR_CERT_WEAK_KEY, which cert, what tool if giving you that, what is the full error output, etc |
I'm closing the issue as I can't reproduce on the current codebase. In addition in the new release that will be completed and release as soon as the final TLS documentation is updated, there have been extensive updates to the TLS logic. The following features have been added:
The first item on the list allows the CA X509 to be dynamically generated and saved in a specified directory (which is reused as long as the file is present in the specified directory). |
Hi,
I have recently updated some system to debian buster that now uses openssl 1.1.1. and the mockserver ssl certificat is no more valid.
rsa key must be 2048bit long.
While the mockserver CA SSL certificat looks good. The certificate built on the fly for custom domain looks have only 1024bit.
Regards,
The text was updated successfully, but these errors were encountered: