mirror of
https://github.com/go-gitea/gitea
synced 2025-07-03 09:07:19 +00:00
Expanded minimum RSA Keylength to 3072 (#26604)
German Federal Office for Information Security requests in its technical guideline BSI TR-02102-1 RSA Keylength not shorter than 3000bits starting 2024, in the year 2023 3000bits as a recommendation. Gitea should request longer RSA Keys by default in favor of security and drop old clients which do not support longer keys. https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102.pdf?__blob=publicationFile&v=9 - Page 19, Table 1.2 --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
This commit is contained in:
@ -681,7 +681,7 @@ Define allowed algorithms and their minimum key length (use -1 to disable a type
|
||||
|
||||
- `ED25519`: **256**
|
||||
- `ECDSA`: **256**
|
||||
- `RSA`: **2047**: We set 2047 here because an otherwise valid 2048 RSA key can be reported as 2047 length.
|
||||
- `RSA`: **3071**: We set 3071 here because an otherwise valid 3072 RSA key can be reported as 3071 length.
|
||||
- `DSA`: **-1**: DSA is now disabled by default. Set to **1024** to re-enable but ensure you may need to reconfigure your SSHD provider
|
||||
|
||||
## Webhook (`webhook`)
|
||||
|
Reference in New Issue
Block a user