From 6e31bee62bf247c1673fc07025ee672fb5e9b725 Mon Sep 17 00:00:00 2001
From: Rob Lazzurs <rob@lazzurs.org>
Date: Tue, 30 May 2017 17:05:58 +0100
Subject: [PATCH] Change the OpenSSL default keysize to 4096.

Changing the OpenSSL default keysize to 4096 from 2048 to match current
best practice guidelines.
---
 roles/vpn/templates/openssl.cnf.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/vpn/templates/openssl.cnf.j2 b/roles/vpn/templates/openssl.cnf.j2
index 9ec12b2d..5b8fcf5c 100644
--- a/roles/vpn/templates/openssl.cnf.j2
+++ b/roles/vpn/templates/openssl.cnf.j2
@@ -52,7 +52,7 @@ emailAddress		= optional
 # Easy-RSA request handling
 # We key off $DN_MODE to determine how to format the DN
 [ req ]
-default_bits		= 2048
+default_bits		= 4096
 default_keyfile 	= privkey.pem
 default_md		= sha256
 distinguished_name	= cn_only