Closed emanuelb closed 3 years ago
Changed to EC keys in 3926187a0e266ecade8d86c9ada08ea266c60710 and 794b5034fbd71c484c3f4b5087cf41ca4e1df44c.
> also the -subj '/' should be replaced with more relevant or meaningful subject.
I intentionally didn't want to use a unique subject common name that would identify the server as running bitcoin-related software. Using the minimally valid subject seemed like a good choice (hopefully used elsewhere too, so not too identifying).
In any case, I made it configurable via a new SELFSIGNED_SUBJECT environment variable in e142dc845e4ec30fff390107c259099aa3402b2c.
> Using the minimally valid subject seemed like a good choice (hopefully used elsewhere too, so not too identifying).
Good idea in general. It's worth looking for common subjects in a dataset of scraped SSL certs from across the internet (in case there's a better default than /), like https://www.eff.org/observatory or newer projects. I don't know what default/common name other projects with the same consideration are using.
Anyway, closing this issue as it's fixed (RSA changed to ECC & new SELFSIGNED_SUBJECT environment variable).
RSA is used in: https://github.com/ez-org/eznode/blob/59a5766c5a97a7659160d5445d2f5226326e80c2/nginx/selfsigned.sh#L9-L13
and in the dropbear/run file and related: https://github.com/ez-org/eznode/blob/59a5766c5a97a7659160d5445d2f5226326e80c2/.travis.yml#L38

Generating ECC keys (Ed25519 better if possible) instead results in better performance.
Also, the -subj '/' should be replaced with more relevant or meaningful subject.