diff options
| author | Vernon Mauery <vernon.mauery@linux.intel.com> | 2020-03-09 20:41:31 +0300 |
|---|---|---|
| committer | Vernon Mauery <vernon.mauery@linux.intel.com> | 2020-03-09 20:41:31 +0300 |
| commit | aaf3206f0ef74a02b22c3e563a0babc3af4b2e3a (patch) | |
| tree | be91ab36fcc05ce32be880ea2d322515889aac8d /redfish-core/lib/certificate_service.hpp | |
| parent | 397fd61f34fab6922cdf84c4f411a2b1bd174a1f (diff) | |
| download | bmcweb-aaf3206f0ef74a02b22c3e563a0babc3af4b2e3a.tar.xz | |
Change the default EC key to secp384r1
prime256v1 is okay for now, but secp384r1 is more future-proof (gives us
a couple more years) and in this case does not really have any
drawbacks.
Tested: Checked to see that a new secp384r1 key is generated on first
boot and the generate CSR redfish option works.
Change-Id: I334fc56db3dd55058a4c6780f8966bcc48d8f816
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
Diffstat (limited to 'redfish-core/lib/certificate_service.hpp')
| -rw-r--r-- | redfish-core/lib/certificate_service.hpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/redfish-core/lib/certificate_service.hpp b/redfish-core/lib/certificate_service.hpp index 6cb5b868ff..66ddab8a68 100644 --- a/redfish-core/lib/certificate_service.hpp +++ b/redfish-core/lib/certificate_service.hpp @@ -285,7 +285,7 @@ class CertificateActionGenerateCSR : public Node std::optional<std::string> optGivenName = ""; std::optional<std::string> optInitials = ""; std::optional<int64_t> optKeyBitLength = RSA_KEY_BIT_LENGTH; - std::optional<std::string> optKeyCurveId = "prime256v1"; + std::optional<std::string> optKeyCurveId = "secp384r1"; std::optional<std::string> optKeyPairAlgorithm = "EC"; std::optional<std::vector<std::string>> optKeyUsage = std::vector<std::string>(); |