From 3f4bf565b1705f5a040264346633a142551321e8 Mon Sep 17 00:00:00 2001
From: Rob Lazzurs
Date: Tue, 30 May 2017 17:02:48 +0100
Subject: [PATCH 1/2] Increase the default size of the SSH key.

The default SSH key size in 2048. Increasing this to 4096 to match current best practice guidance.
---
 playbooks/local.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/playbooks/local.yml b/playbooks/local.yml
index be2ecc9f..194346db 100644
--- a/playbooks/local.yml
+++ b/playbooks/local.yml
@@ -3,7 +3,7 @@
 - name: Generate the SSH private key
 shell: >
 echo -e 'n' |
- ssh-keygen -b 2048 -C {{ SSH_keys.comment }}
+ ssh-keygen -b 4096 -C {{ SSH_keys.comment }}
 -t rsa -f {{ SSH_keys.private }} -q -N ""
 args:
 creates: "{{ SSH_keys.private }}"

From 6e31bee62bf247c1673fc07025ee672fb5e9b725 Mon Sep 17 00:00:00 2001
From: Rob Lazzurs
Date: Tue, 30 May 2017 17:05:58 +0100
Subject: [PATCH 2/2] Change the OpenSSL default keysize to 4096.

Changing the OpenSSL default keysize to 4096 from 2048 to match current best practice guidelines.
---
 roles/vpn/templates/openssl.cnf.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/vpn/templates/openssl.cnf.j2 b/roles/vpn/templates/openssl.cnf.j2
index 9ec12b2d..5b8fcf5c 100644
--- a/roles/vpn/templates/openssl.cnf.j2
+++ b/roles/vpn/templates/openssl.cnf.j2
@@ -52,7 +52,7 @@ emailAddress = optional
 # Easy-RSA request handling
 # We key off $DN_MODE to determine how to format the DN
 [ req ]
-default_bits = 2048
+default_bits = 4096
 default_keyfile = privkey.pem
 default_md = sha256
 distinguished_name = cn_only
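Review bot: In the playbooks/local.yml hunk, the new `-b 4096` only applies when the key is first created, because the task's `creates: "{{ SSH_keys.private }}"` guard skips it whenever the private key file already exists. Hosts that already ran this playbook therefore keep their 2048-bit key. A comment above the task would make that explicit, for example `# Skipped if the key file exists: existing 2048-bit keys are kept until the file is removed`. On the changed line itself, `{{ SSH_keys.comment }}` is interpolated into the shell command unquoted. Writing `-C {{ SSH_keys.comment | quote }}` would stop a comment containing spaces or shell metacharacters from being split or interpreted by the shell.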
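Review bot: In the roles/vpn/templates/openssl.cnf.j2 hunk, `default_bits = 4096` under `[ req ]` is only a fallback used when `openssl req` generates a key without an explicit size. The role's openssl invocations are outside this hunk, so it is worth checking that none of them passes a fixed size such as `-newkey rsa:2048` or supplies a pre-generated key, since those would bypass this value. Keys and certificates already issued are also unaffected by the change. A comment on the line would record both points, for example `# fallback size for newly generated request keys; existing PKI is not re-issued`. Since this file is a Jinja template and the playbook hunk hard-codes the same number, a single shared variable for the RSA key size would keep the two from drifting apart.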