From 94584a3378f09a5446eba2d96cc312cabdd1a72b Mon Sep 17 00:00:00 2001 From: Jack Ivanov Date: Wed, 6 Jun 2018 18:07:23 +0300 Subject: [PATCH] Switch ecparam to secp384r1 --- roles/vpn/tasks/openssl.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/vpn/tasks/openssl.yml b/roles/vpn/tasks/openssl.yml index 053470fb..af19ae2b 100644 --- a/roles/vpn/tasks/openssl.yml +++ b/roles/vpn/tasks/openssl.yml @@ -42,9 +42,9 @@ - name: Build the CA pair shell: > - {{ openssl_bin }} ecparam -name prime256v1 -out ecparams/prime256v1.pem && + {{ openssl_bin }} ecparam -name secp384r1 -out ecparams/secp384r1.pem && {{ openssl_bin }} req -utf8 -new - -newkey ec:ecparams/prime256v1.pem + -newkey ec:ecparams/secp384r1.pem -config <(cat openssl.cnf <(printf "[basic_exts]\nsubjectAltName={{ subjectAltName }}")) -keyout private/cakey.pem -out cacert.pem -x509 -days 3650 @@ -71,7 +71,7 @@ - name: Build the server pair shell: > {{ openssl_bin }} req -utf8 -new - -newkey ec:ecparams/prime256v1.pem + -newkey ec:ecparams/secp384r1.pem -config <(cat openssl.cnf <(printf "[basic_exts]\nsubjectAltName={{ subjectAltName }}")) -keyout private/{{ IP_subject_alt_name }}.key -out reqs/{{ IP_subject_alt_name }}.req -nodes @@ -93,7 +93,7 @@ - name: Build the client's pair shell: > {{ openssl_bin }} req -utf8 -new - -newkey ec:ecparams/prime256v1.pem + -newkey ec:ecparams/secp384r1.pem -config <(cat openssl.cnf <(printf "[basic_exts]\nsubjectAltName=DNS:{{ item }}")) -keyout private/{{ item }}.key -out reqs/{{ item }}.req -nodes
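Review bot: The server and client tasks (hunks at `@@ -71,7` and `@@ -93,7`) now read `ecparams/secp384r1.pem`, which is written only by the `ecparam` step inside "Build the CA pair" in the hunk at `@@ -42,9`. If that task is skipped on a host whose CA already exists (any guard on it is outside the hunk), only the old `ecparams/prime256v1.pem` would be present and the `-newkey ec:ecparams/secp384r1.pem` calls would presumably fail. I would move the parameter generation into its own task guarded with `creates: ecparams/secp384r1.pem`. That would allow new P-384 leaf keys to be issued under an older P-256 CA, so the commit message should say whether existing PKI directories are expected to be regenerated. The curve name is also a literal in four places across three tasks; a single role variable would keep them from drifting apart.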
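Review bot: No digest option is passed to the `req` call in the hunk at `@@ -71,7`, nor to those at `@@ -42,9` and `@@ -93,7`. The self-signed CA certificate (`-x509` in the first hunk) and the requests are therefore signed with whatever `default_md` in `openssl.cnf` specifies, and that file is not part of this diff. If the aim of moving to secp384r1 is a uniformly higher security level, confirm that the configured digest is SHA-384, or make it explicit with `-sha384` next to `-utf8 -new`. The step that signs the server and client requests is outside these hunks and would need the same check.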
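Review bot: `{{ item }}` is interpolated unquoted into the shell command three times in the hunk at `@@ -93,7` (the `printf` argument and the `-keyout`/`-out` paths), so a client name containing whitespace, a slash or shell metacharacters would change the command or the file path. The same applies to `{{ IP_subject_alt_name }}` in the hunk at `@@ -71,7`. This predates the commit, and the loop source is outside the hunk, so the names may already be validated elsewhere. If they are not, a preceding `assert` task over the same list with `that: item is match('^[A-Za-z0-9._-]+$')` would reject unsafe names before any key is generated.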