Switch ecparam to secp384r1

2025-09-02 18:13:13 +02:00 · 2018-06-06 18:07:23 +03:00 · 2018-06-06 18:07:23 +03:00 · 94584a3378
commit 94584a3378
parent 7b9c6a849a
1 changed files with 4 additions and 4 deletions
--- a/roles/vpn/tasks/openssl.yml
+++ b/roles/vpn/tasks/openssl.yml
@ -42,9 +42,9 @@
  - name: Build the CA pair
    shell: >
-      {{ openssl_bin }} ecparam -name prime256v1 -out ecparams/prime256v1.pem &&
+      {{ openssl_bin }} ecparam -name secp384r1 -out ecparams/secp384r1.pem &&
      {{ openssl_bin }} req -utf8 -new
-      -newkey ec:ecparams/prime256v1.pem
+      -newkey ec:ecparams/secp384r1.pem
      -config <(cat openssl.cnf <(printf "[basic_exts]\nsubjectAltName={{ subjectAltName }}"))
      -keyout private/cakey.pem
      -out cacert.pem -x509 -days 3650
@ -71,7 +71,7 @@
  - name: Build the server pair
    shell: >
      {{ openssl_bin }} req -utf8 -new
-      -newkey ec:ecparams/prime256v1.pem
+      -newkey ec:ecparams/secp384r1.pem
      -config <(cat openssl.cnf <(printf "[basic_exts]\nsubjectAltName={{ subjectAltName }}"))
      -keyout private/{{ IP_subject_alt_name }}.key
      -out reqs/{{ IP_subject_alt_name }}.req -nodes
@ -93,7 +93,7 @@
  - name: Build the client's pair
    shell: >
      {{ openssl_bin }} req -utf8 -new
-      -newkey ec:ecparams/prime256v1.pem
+      -newkey ec:ecparams/secp384r1.pem
      -config <(cat openssl.cnf <(printf "[basic_exts]\nsubjectAltName=DNS:{{ item }}"))
      -keyout private/{{ item }}.key
      -out reqs/{{ item }}.req -nodes