From aaf3206f0ef74a02b22c3e563a0babc3af4b2e3a Mon Sep 17 00:00:00 2001
From: Vernon Mauery <vernon.mauery@linux.intel.com>
Date: Mon, 9 Mar 2020 10:41:31 -0700
Subject: Change the default EC key to secp384r1

prime256v1 is okay for now, but secp384r1 is more future-proof (gives us
a couple more years) and in this case does not really have any
drawbacks.

Tested: Checked to see that a new secp384r1 key is generated on first
        boot and the generate CSR redfish option works.

Change-Id: I334fc56db3dd55058a4c6780f8966bcc48d8f816
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'README.md')

diff --git a/README.md b/README.md
index 93660ed655..301fd29b3d 100644
--- a/README.md
+++ b/README.md
@@ -27,7 +27,7 @@ usable, it generates a new configuration.
 
 When BMCWeb SSL support is enabled and a usable certificate is not
 found, it will generate a self-sign a certificate before launching the
-server.  The keys are generated by the `prime256v1` algorithm.  The
+server.  The keys are generated by the `secp384r1` algorithm.  The
 certificate
  - is issued by `C=US, O=OpenBMC, CN=testhost`,
  - is valid for 10 years,
-- 
cgit v1.2.3