Raise RSA key size for retry token generator / validator
A 1024-bit key cannot be considered secure, so raise this to 2048 bits.

Fixes: #407
jlaine committed Nov 4, 2023
1 parent 2fe490a commit d9ee663
Showing 2 changed files with 2 additions and 1 deletion.
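--- a/src/aioquic/quic/retry.py
+++ b/src/aioquic/quic/retry.py
@@ -15,7 +15,7 @@ def encode_address(addr: NetworkAddress) -> bytes:
 
 class QuicRetryTokenHandler:
 def __init__(self) -> None:
-self._key = rsa.generate_private_key(public_exponent=65537, key_size=1024)
+self._key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
 
 def create_token(
 self,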
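Review bot: The new key size in `QuicRetryTokenHandler.__init__` is still a bare literal, and the `256` asserted in tests/test_retry.py looks like the same value expressed in bytes, so nothing ties the two together when the size is next changed. I would name it at module level, `RETRY_TOKEN_KEY_SIZE = 2048  # RSA modulus size in bits`, and pass `key_size=RETRY_TOKEN_KEY_SIZE`. A short comment on `__init__` should also say that the key is generated fresh per handler instance, and that the token length presumably follows the modulus size (256 bytes here, per the test), since the token travels in the Retry packet and is echoed back by the client. The body of `create_token` continues outside the hunk, so how the key is actually used is not visible here.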
1 change: 1 addition & 0 deletions tests/test_retry.py
Expand Up @@ -16,6 +16,7 @@ def test_retry_token(self):
addr, original_destination_connection_id, retry_source_connection_id
)
self.assertIsNotNone(token)
self.assertEqual(len(token), 256)

# validate token - ok
self.assertEqual(
