Skip to content

Commit

Permalink
Use larger key size in Makefile
Browse files Browse the repository at this point in the history 
With the default key size of 1024, when I start the server with
`make compile run`, I see several stacktraces with the message

  #<thread:'package-change-handler>
  *** DAEMON CRASHED: main-web-server-thread ***
  ssl-load-certificate-chain!: load failed from: #<path:/home/schwa/sd/racket/racket-pkg-website/src/../server-cert.pem> (error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small)
    context...:

jfromaniello/selfsigned#33 suggests increasing
the key size to at least 2048 bits. Increasing the key size in the
Makefile makes the above stacktraces go away.

I set the key size in the Makefile to 4096 to make it more
"future-proof", but feel free to use a key size of 2048, which works for
me as well.
  • Loading branch information
@sschwarzer
sschwarzer committed Jul 10, 2021
1 parent a325bde commit a724e68
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ clean:
keys: private-key.pem server-cert.pem

private-key.pem:
openssl genrsa -des3 -passout pass:dummy -out $@ 1024
openssl genrsa -des3 -passout pass:dummy -out $@ 4096
openssl rsa -passin pass:dummy -in $@ -out $@

server-cert.pem: private-key.pem
Expand Down

0 comments on commit a724e68

Please sign in to comment.