Increase default key size for CA + Server certs to 3072
Bug #1837841 reported by
Harry Pidcock
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Canonical Juju |
Fix Released
|
Medium
|
Harry Pidcock | ||
Bug Description
Currently Juju generates 2048 bit RSA keys for CA and mongod.
These certificates have a 10 year validity period.
Post 2030 the recommended minimum key-size for RSA is 3072bits.
We should increase the key size to 3072 in anticipation for 2030 recommendations, as some key-pairs could still be in use around 2030.
See https:/
Revision history for this message
| John A Meinel (jameinel) wrote | #1 |
| Changed in juju: | |
| status: | New → Triaged |
Revision history for this message
| Harry Pidcock (hpidcock) wrote | #2 |
| Changed in juju: | |
| status: | Triaged → Fix Committed |
| milestone: | none → 2.7-beta1 |
Revision history for this message
| Harry Pidcock (hpidcock) wrote | #3 |
| Changed in juju: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
Is it worth doing that vs expecting we would switch to something that isn't RSA? It would also be good to understand the cost of a controller running against 5000 agents using a larger RSA key. (Is there a significant difference in recovery time, or is it lost in the noise?)