Change the default EC key to secp384r1

prime256v1 is okay for now, but secp384r1 is more future-proof (gives us a couple more years) and in this case does not really have any drawbacks. Tested: Checked to see that a new secp384r1 key is generated on first boot and the generate CSR redfish option works. Change-Id: I334fc56db3dd55058a4c6780f8966bcc48d8f816 Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
author: Vernon Mauery <vernon.mauery@linux.intel.com> 2020-03-09 20:41:31 +0300
committer: Vernon Mauery <vernon.mauery@linux.intel.com> 2020-03-09 20:41:31 +0300
commit: aaf3206f0ef74a02b22c3e563a0babc3af4b2e3a (patch)
tree: be91ab36fcc05ce32be880ea2d322515889aac8d /include/ssl_key_handler.hpp
parent: 397fd61f34fab6922cdf84c4f411a2b1bd174a1f (diff)
download: bmcweb-aaf3206f0ef74a02b22c3e563a0babc3af4b2e3a.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/include/ssl_key_handler.hpp b/include/ssl_key_handler.hpp
index fab31eae0a..0240712735 100644
--- a/include/ssl_key_handler.hpp
+++ b/include/ssl_key_handler.hpp
@@ -255,7 +255,7 @@ EVP_PKEY *createEcKey()
 {
     EVP_PKEY *pKey = nullptr;
     int eccgrp = 0;
-    eccgrp = OBJ_txt2nid("prime256v1");
+    eccgrp = OBJ_txt2nid("secp384r1");
 
     EC_KEY *myecc = EC_KEY_new_by_curve_name(eccgrp);
     if (myecc != nullptr)
author	Vernon Mauery <vernon.mauery@linux.intel.com>	2020-03-09 20:41:31 +0300
committer	Vernon Mauery <vernon.mauery@linux.intel.com>	2020-03-09 20:41:31 +0300
commit	aaf3206f0ef74a02b22c3e563a0babc3af4b2e3a (patch)
tree	be91ab36fcc05ce32be880ea2d322515889aac8d /include/ssl_key_handler.hpp
parent	397fd61f34fab6922cdf84c4f411a2b1bd174a1f (diff)
download	bmcweb-aaf3206f0ef74a02b22c3e563a0babc3af4b2e3a.tar.xz