ovs-pki: Use 3072-bit keys by default and drop 1024-bit ones.
NIST Special Publication 800-57 Part 1 Revision 5 "Recommendation for
Key Management" [1] estimates 2024-bit RSA keys as having 112 bits of
security strength.  At the same time keys with 112 bits of security
strength are deemed acceptable only through 2030 and disallowed after
that year.

Let's be safe and generate 3072-bit keys by default.  These should
have 128 bits of security strength and are allowed after 2030.

Also, 1024-bit keys are estimated to have only 80 bits of security
strength and are generally disallowed today.  Let's not allow creation
of such keys by default.

[1] https://doi.org/10.6028/NIST.SP.800-57pt1r5

Signed-off-by: Ilya Maximets <[email protected]>
Signed-off-by: 0-day Robot <[email protected]>
igsilya authored and ovsrobot committed Dec 9, 2024
1 parent 39732c7 commit 30810a1
Showing 2 changed files with 5 additions and 4 deletions.
1 change: 1 addition & 0 deletions NEWS
@@ -20,6 +20,7 @@ Post-v3.4.0
- "TLSv1-TLSv1.2" to enable all protocols between TLSv1 and TLSv1.2.
- "TLSv1.2+" to enable protocol TLSv1.2 and later.
The value must be a list of protocols or exactly one protocol range.
* ovs-pki now generates 3072-bit keys by default.
- Userspace datapath:
* The default zone limit, if set, is now inherited by any zone
that does not have a specific value defined, rather than being
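Review bot: the NEWS line only records the new 3072-bit default, but the same commit also raises the minimum accepted --bits value from 1024 to 2048 (see the ovs-pki.in hunk below), which is a user-visible compatibility change: any existing automation that passes -B 1024 will now exit with an error instead of producing a key. Suggest widening the entry, e.g. "* ovs-pki now generates 3072-bit keys by default and no longer accepts keys shorter than 2048 bits."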
8 changes: 4 additions & 4 deletions utilities/ovs-pki.in
@@ -24,7 +24,7 @@ batch=no
unique_name=no
log='@LOGDIR@/ovs-pki.log'
keytype=rsa
bits=2048
bits=3072

# OS-specific compatibility routines
case $(uname -s) in
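Review bot: because bits is a single setting shared by both key types (keytype=rsa is merely the default), bits=3072 also becomes the size used for DSA parameter generation on 'init', where the usage text below says --bits applies; 3072-bit DSA parameter generation takes considerably longer than 2048-bit, so a short note about the longer 'init' time for DSA users would be worth adding to the commit message or NEWS entry.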
@@ -171,7 +171,7 @@ Each TYPE above is a certificate type: 'switch' (default) or 'controller'.
Options for 'init', 'req', and 'req+sign' only:
-k, --key=rsa|dsa Type of keys to use (default: rsa)
-B, --bits=NBITS Number of bits in keys (default: 2048). For DSA keys,
-B, --bits=NBITS Number of bits in keys (default: $bits). For DSA keys,
this has an effect only on 'init'.
-D, --dsaparam=FILE File with DSA parameters (DSA only)
(default: dsaparam.pem within PKI directory)
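Review bot: substituting "$bits" into the usage text means the "(default: ...)" value shown is whatever $bits holds when the help is printed; if option parsing can set bits before the usage text is emitted (for example "-B 4096 --help", or usage printed after an argument error), the user's own value will be reported as the default. Capturing the default in a separate variable set once at the top, e.g. "default_bits=3072" and "(default: $default_bits)", keeps the help text accurate regardless of argument order. This also assumes the usage heredoc is unquoted so the expansion happens at all, which is worth confirming since that part is outside this hunk.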
@@ -263,8 +263,8 @@ if test "$keytype" != rsa && test "$keytype" != dsa; then
echo "$0: argument to -k or --key must be rsa or dsa" >&2
exit 1
fi
if test "$bits" -lt 1024; then
echo "$0: argument to -B or --bits must be at least 1024" >&2
if test "$bits" -lt 2048; then
echo "$0: argument to -B or --bits must be at least 2048" >&2
exit 1
fi
if test -z "$dsaparam"; then
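Review bot: the commit message says 1024-bit keys should not be creatable "by default", but this hunk turns the 1024 floor into a hard 2048 floor with no override, so the behaviour is a refusal rather than a changed default. If the intent really is an unconditional minimum, the wording of the commit message and NEWS entry should say so; if an escape hatch is intended for test environments, it would need an explicit option, since none exists here. The new error message also hard-codes 2048 while the usage text now derives its default from $bits, so consider a single min_bits variable used in both the test and the message to keep them from drifting apart.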
