diff options
| -rw-r--r-- | README.md | 2 | ||||
| -rw-r--r-- | include/ssl_key_handler.hpp | 2 | ||||
| -rw-r--r-- | redfish-core/lib/certificate_service.hpp | 2 |
3 files changed, 3 insertions, 3 deletions
@@ -27,7 +27,7 @@ usable, it generates a new configuration. When BMCWeb SSL support is enabled and a usable certificate is not found, it will generate a self-sign a certificate before launching the -server. The keys are generated by the `prime256v1` algorithm. The +server. The keys are generated by the `secp384r1` algorithm. The certificate - is issued by `C=US, O=OpenBMC, CN=testhost`, - is valid for 10 years, diff --git a/include/ssl_key_handler.hpp b/include/ssl_key_handler.hpp index fab31eae0a..0240712735 100644 --- a/include/ssl_key_handler.hpp +++ b/include/ssl_key_handler.hpp @@ -255,7 +255,7 @@ EVP_PKEY *createEcKey() { EVP_PKEY *pKey = nullptr; int eccgrp = 0; - eccgrp = OBJ_txt2nid("prime256v1"); + eccgrp = OBJ_txt2nid("secp384r1"); EC_KEY *myecc = EC_KEY_new_by_curve_name(eccgrp); if (myecc != nullptr) diff --git a/redfish-core/lib/certificate_service.hpp b/redfish-core/lib/certificate_service.hpp index 6cb5b868ff..66ddab8a68 100644 --- a/redfish-core/lib/certificate_service.hpp +++ b/redfish-core/lib/certificate_service.hpp @@ -285,7 +285,7 @@ class CertificateActionGenerateCSR : public Node std::optional<std::string> optGivenName = ""; std::optional<std::string> optInitials = ""; std::optional<int64_t> optKeyBitLength = RSA_KEY_BIT_LENGTH; - std::optional<std::string> optKeyCurveId = "prime256v1"; + std::optional<std::string> optKeyCurveId = "secp384r1"; std::optional<std::string> optKeyPairAlgorithm = "EC"; std::optional<std::vector<std::string>> optKeyUsage = std::vector<std::string>(); |