Closed RmACK123 closed 8 years ago
I would not accept a patch for that to be an option. Either change the default to 2048 or leave it as it is. Anyway, if you are worried about 1024-bit RSA key security, you really should not set up your VPN using a random script from the interwebs!
Closing.
lol @viljoviitanen that was a little brutal. He does have a little bit of a point though, maybe not for a dedicated option, but it is a little odd that 2048 isn't the default. I'm assuming there's a reason why it's 1024 by default?
The reason for the 1024-bit default is that it was the default in the easy-rsa tool at the time I copied it from the OpenVPN sources. I don't know why it's that, maybe because the openssl/openvpn/whatever authors at one time considered 1024-bit RSA keys to have "enough" security.
I'd like to reiterate my point: if you need more security than 1024-bit RSA keys give (which actually is quite a lot, even though the default for pretty much everything nowadays is 2048-bit), you don't build your VPN from random internet scripts.
Anyways. A PR to change to a 2048-bit default is welcome. Also, at the same time, check whether any other default values that the easy-rsa tool uses should change as well. If anyone does that, please do test it on some popular cloud providers' cheap virtual machines so that generating won't take ages.
Locking.
Feature request: support for 2048-bit keys as an option.
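An audit check for the key-size concern raised in this thread, added here as example code (it is not from the issue or from the project): it reads the PEM certificates and keys an easy-rsa style PKI produced and flags any RSA modulus shorter than 2048 bits. It assumes `openssl` is on PATH; the sample PKI and file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not code from the issue or the project: audit PEM certs and
# keys and flag RSA moduli shorter than MIN_BITS. Assumes `openssl` is on
# PATH; the sample PKI and file names below are constructed.
MIN_BITS=2048

# Print the RSA modulus length (bits) of a PEM certificate or private key.
# Matches both "Public-Key: (1024 bit)" (certs) and
# "Private-Key: (2048 bit, 2 primes)" (keys, OpenSSL 1.1.1+).
rsa_bits() {
    if grep -q 'BEGIN CERTIFICATE' "$1"; then
        text=$(openssl x509 -in "$1" -noout -text)
    else
        text=$(openssl pkey -in "$1" -noout -text)
    fi
    printf '%s\n' "$text" | sed -n 's/.*Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Return 0 when the file's RSA key meets MIN_BITS, 1 otherwise.
key_size_ok() {
    bits=$(rsa_bits "$1")
    [ -n "$bits" ] && [ "$bits" -ge "$MIN_BITS" ]
}

# Walk a directory of .crt/.key files, print a verdict per file and
# return the number of weak keys found (0 means the PKI is clean).
audit_pki() {
    weak=0
    for f in "$1"/*.crt "$1"/*.key; do
        [ -f "$f" ] || continue
        bits=$(rsa_bits "$f")
        if [ -n "$bits" ] && [ "$bits" -ge "$MIN_BITS" ]; then
            echo "ok    $bits bit  $f"
        else
            echo "WEAK  ${bits:-?} bit  $f"
            weak=$((weak + 1))
        fi
    done
    return "$weak"
}

# Constructed sample PKI: one 1024-bit key (the old easy-rsa default) and
# one 2048-bit key, each with a self-signed certificate.
PKI=$(mktemp -d)
for bits in 1024 2048; do
    openssl genpkey -algorithm RSA -pkeyopt "rsa_keygen_bits:$bits" \
        -out "$PKI/server$bits.key" 2>/dev/null
    openssl req -new -x509 -key "$PKI/server$bits.key" \
        -subj "/CN=server$bits" -days 1 -out "$PKI/server$bits.crt" 2>/dev/null
done
audit_pki "$PKI" || echo "$? weak key(s) found"
```

Point `audit_pki` at the `keys/` directory easy-rsa writes to; a non-zero return is the count of certificates and keys still below the minimum.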