author Florian Westphal <fw@strlen.de> 2011-06-04 22:57:29 +0200
committer Florian Westphal <fw@strlen.de> 2011-06-04 22:57:29 +0200
commit 49b2d0ec98d001fbc8eedd5a183d66974f70fd52
tree 9d5783e7440558ae9d8efc4e2c8780fb08858288 /doc
parent dd7d64f577633d68a11b6dc0e97ec00df0645343
ssl: gnutls: bump dh bitsize to 2048
problem is that some clients refuse to connect to servers that only offer
1024.  For interoperability it would be best to just use 4096, but that
takes minutes, even on current hardware.
Diffstat (limited to 'doc')
-rw-r--r-- doc/SSL.txt 4
1 files changed, 2 insertions, 2 deletions
diff --git a/doc/SSL.txt b/doc/SSL.txt
index 394894a2..b98c2fbe 100644
--- a/doc/SSL.txt
+++ b/doc/SSL.txt
@@ -51,7 +51,7 @@ OpenSSL:
 Creating a self-signed certificate and key:
  $ openssl req -newkey rsa:2048 -x509 -keyout server-key.pem -out server-cert.pem -days 1461
 Create DH parameters (optional):
- $ openssl dhparam -2 -out dhparams.pem 2048
+ $ openssl dhparam -2 -out dhparams.pem 4096
 
 GnuTLS:
 
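Review bot: the `openssl dhparam` line now documents 4096 bits, while the commit subject says the bump is to 2048 and the message itself notes that 4096 takes minutes to generate. Because this diff is limited to doc/, a reader of SSL.txt cannot tell why the documented size differs from the one named in the subject. Suggest adding a sentence under "Create DH parameters (optional):" saying that generating 4096-bit parameters can take minutes and only has to be done once, and either aligning the subject line with the documented value or explaining the difference in the commit message.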
@@ -59,7 +59,7 @@ Creating a self-signed certificate and key:
  $ certtool --generate-privkey --bits 2048 --outfile server-key.pem
  $ certtool --generate-self-signed --load-privkey server-key.pem --outfile server-cert.pem
 Create DH parameters (optional):
- $ certtool  --generate-dh-params --bits 2048 --outfile dhparams.pem
+ $ certtool  --generate-dh-params --bits 4096 --outfile dhparams.pem
 
 
 Alternate approach using stunnel(1)
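Review bot: the "Create DH parameters (optional):" label above the `certtool --generate-dh-params` line still does not say what the server uses when this step is skipped, which matters here because the commit message cites clients refusing servers that only offer 1024. Suggest one line in the GnuTLS section stating the parameter size used when no dhparams.pem is supplied, so an operator can decide whether the optional step is needed. Minor style point: the changed line keeps the double space after `certtool`, which could be collapsed while the line is being touched.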