wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-09-02 10:03:01 +02:00
Code Issues Projects Releases Wiki Activity

Switch ecparam to secp384r1

Browse source
This commit is contained in:
Jack Ivanov 2018-06-06 18:07:23 +03:00
parent 7b9c6a849a
commit 94584a3378
1 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
roles/vpn/tasks/openssl.yml
View file

@ -42,9 +42,9 @@
- name: Build the CA pair
shell: >
{{ openssl_bin }} ecparam -name prime256v1 -out ecparams/prime256v1.pem &&
{{ openssl_bin }} ecparam -name secp384r1 -out ecparams/secp384r1.pem &&
{{ openssl_bin }} req -utf8 -new
-newkey ec:ecparams/prime256v1.pem
-newkey ec:ecparams/secp384r1.pem
-config <(cat openssl.cnf <(printf "[basic_exts]\nsubjectAltName={{ subjectAltName }}"))
-keyout private/cakey.pem
-out cacert.pem -x509 -days 3650
@ -71,7 +71,7 @@
- name: Build the server pair
shell: >
{{ openssl_bin }} req -utf8 -new
-newkey ec:ecparams/prime256v1.pem
-newkey ec:ecparams/secp384r1.pem
-config <(cat openssl.cnf <(printf "[basic_exts]\nsubjectAltName={{ subjectAltName }}"))
-keyout private/{{ IP_subject_alt_name }}.key
-out reqs/{{ IP_subject_alt_name }}.req -nodes
@ -93,7 +93,7 @@
- name: Build the client's pair
shell: >
{{ openssl_bin }} req -utf8 -new
-newkey ec:ecparams/prime256v1.pem
-newkey ec:ecparams/secp384r1.pem
-config <(cat openssl.cnf <(printf "[basic_exts]\nsubjectAltName=DNS:{{ item }}"))
-keyout private/{{ item }}.key
-out reqs/{{ item }}.req -nodes