Expanded minimum RSA Keylength to 3072 (#26604)

German Federal Office for Information Security requests in its technical guideline BSI TR-02102-1 RSA Keylength not shorter than 3000bits starting 2024, in the year 2023 3000bits as a recommendation. Gitea should request longer RSA Keys by default in favor of security and drop old clients which do not support longer keys. https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102.pdf?__blob=publicationFile&v=9 - Page 19, Table 1.2 --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-05-25 11:22:16 +00:00 · 2023-08-28 02:53:16 +02:00 · 2023-08-28 02:53:16 +02:00 · c533991519
commit c533991519
parent 2401e6e121
10 changed files with 12 additions and 9 deletions
--- a/docs/content/administration/command-line.en-us.md
+++ b/docs/content/administration/command-line.en-us.md
@ -313,7 +313,7 @@ directory and will overwrite any existing files.
  - `--ecdsa-curve value`: ECDSA curve to use to generate a key. Optional. Valid options
    are P224, P256, P384, P521.
  - `--rsa-bits value`: Size of RSA key to generate. Optional. Ignored if --ecdsa-curve is
-    set. (default: 2048).
+    set. (default: 3072).
  - `--start-date value`: Creation date. Optional. (format: `Jan 1 15:04:05 2011`).
  - `--duration value`: Duration which the certificate is valid for. Optional. (default: 8760h0m0s)
  - `--ca`: If provided, this cert generates it's own certificate authority. Optional.