From b08edf709dfcd79c3691370930cd89c4b9b16d2f Mon Sep 17 00:00:00 2001 From: Jeff King Date: Wed, 1 Feb 2023 06:39:26 -0500 Subject: [PATCH] t/lib-httpd: increase ssl key size to 2048 bits Recent versions of openssl will refuse to work with 1024-bit RSA keys, as they are considered insecure. I didn't track down the exact version in which the defaults were tightened, but the Debian-package openssl 3.0 on my system yields: $ LIB_HTTPD_SSL=1 ./t5551-http-fetch-smart.sh -v -i [...] SSL Library Error: error:0A00018F:SSL routines::ee key too small 1..0 # SKIP web server setup failed This could probably be overcome with configuration, but that's likely to be a headache (especially if it requires touching /etc/openssl). Let's just pick a key size that's less outrageously out of date. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- t/lib-httpd/ssl.cnf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/t/lib-httpd/ssl.cnf b/t/lib-httpd/ssl.cnf index 6dab2579cb..812e8253f0 100644 --- a/t/lib-httpd/ssl.cnf +++ b/t/lib-httpd/ssl.cnf @@ -1,7 +1,7 @@ RANDFILE = $ENV::RANDFILE_PATH [ req ] -default_bits = 1024 +default_bits = 2048 distinguished_name = req_distinguished_name prompt = no [ req_distinguished_name ]