diff options
| author | mainboarder <git@mainboarder.de> | 2023-08-28 02:53:16 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-08-28 00:53:16 +0000 |
| commit | c533991519816313dfaa0ddcec183756a97b9348 (patch) | |
| tree | 66ce0853585a3403c597ad40f40f4e7d28b6a3fa /modules/setting/ssh.go | |
| parent | 2401e6e1210cb41481e7443ab256a0ee9bda44f4 (diff) | |
| download | gitea-c533991519816313dfaa0ddcec183756a97b9348.tar.gz gitea-c533991519816313dfaa0ddcec183756a97b9348.zip | |
Expanded minimum RSA Keylength to 3072 (#26604)
German Federal Office for Information Security requests in its technical
guideline BSI TR-02102-1 RSA Keylength not shorter than 3000bits
starting 2024, in the year 2023 3000bits as a recommendation. Gitea
should request longer RSA Keys by default in favor of security and drop
old clients which do not support longer keys.
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102.pdf?__blob=publicationFile&v=9
- Page 19, Table 1.2
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Diffstat (limited to 'modules/setting/ssh.go')
| -rw-r--r-- | modules/setting/ssh.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/setting/ssh.go b/modules/setting/ssh.go index bbb7f5ab6c..ea387e521f 100644 --- a/modules/setting/ssh.go +++ b/modules/setting/ssh.go @@ -60,7 +60,7 @@ var SSH = struct { ServerMACs: []string{"hmac-sha2-256-etm@openssh.com", "hmac-sha2-256", "hmac-sha1"}, KeygenPath: "", MinimumKeySizeCheck: true, - MinimumKeySizes: map[string]int{"ed25519": 256, "ed25519-sk": 256, "ecdsa": 256, "ecdsa-sk": 256, "rsa": 2047}, + MinimumKeySizes: map[string]int{"ed25519": 256, "ed25519-sk": 256, "ecdsa": 256, "ecdsa-sk": 256, "rsa": 3071}, ServerHostKeys: []string{"ssh/gitea.rsa", "ssh/gogs.rsa"}, AuthorizedKeysCommandTemplate: "{{.AppPath}} --config={{.CustomConf}} serv key-{{.Key.ID}}", PerWriteTimeout: PerWriteTimeout, |