Re: Best pratices for creating an SSL certificate

To: tech-security%NetBSD.org@localhost
Subject: Re: Best pratices for creating an SSL certificate
From: Matthias Scheler <tron%zhadum.org.uk@localhost>
Date: Tue, 30 Aug 2011 21:04:33 +0100

On Tue, Aug 30, 2011 at 01:29:18PM -0400, Steven Bellovin wrote:
> What you've specified -- 2048-bit RSA with SHA-1 -- is about as strong
> as is generally usable.

Good.

>  A longer modulus is too expensive for some devices

Yes, quite likely as some of the device will be smart phones.

> MD5 should never be used; it's far too weak.

I know. But can I enforce that by disabling MD5 on the certificate?
Or will reasonable clients always prefer SHA1?

        Kind regards

-- 
Matthias Scheler                                  http://zhadum.org.uk/

Follow-Ups:
- Re: Best pratices for creating an SSL certificate
  - From: Thor Lancelot Simon

References:
- Best pratices for creating an SSL certificate
  - From: Matthias Scheler
- Re: Best pratices for creating an SSL certificate
  - From: Steven Bellovin

Prev by Date: Re: Best pratices for creating an SSL certificate
Next by Date: Re: Best pratices for creating an SSL certificate
Previous by Thread: Re: Best pratices for creating an SSL certificate
Next by Thread: Re: Best pratices for creating an SSL certificate
Indexes:

Home | Main Index | Thread Index | Old Index