httpd-docs mailing list archives

From Bhuvaneswaran A <bhu...@apache.org>
Subject Misleading faq: 2048 bit server certificate
Date Mon, 20 Sep 2010 10:57:37 GMT
Ref: http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#keysize

In Apache 2.2.11, as far as I tested, the use of a 2048-bit server
certificate is supported.
[bhuvan@cu062 CERTS]$ openssl rsa -noout -text -in server2048.key|grep key -i
Private-Key: (2048 bit)

However, the following FAQ item is misleading.
-------------------------------------------------------------
Why does my 2048-bit private key not work?

The private key sizes for SSL must be either 512 or 1024 bits, for
compatibility with certain web browsers. A keysize of 1024 bits is
recommended because keys larger than 1024 bits are incompatible with
some versions of Netscape Navigator and Microsoft Internet Explorer,
and with other browsers that use RSA's BSAFE cryptography toolkit.
-------------------------------------------------------------

Either the FAQ item should be removed, or fixed as follows:
-------------------------------------------------------------
May I use a 2048-bit private key?

Yes, you can use a 2048-bit private key. However, the keysize of 1024
bits is recommended because keys larger than 1024 bits are
incompatible with some versions of Netscape Navigator and Microsoft
Internet Explorer, and with other browsers that use RSA's BSAFE
cryptography toolkit.
-------------------------------------------------------------

Thank you.
-- 
Regards,
Bhuvaneswaran A
www.livecipher.com
