letsencrypt
/
boulder
mirror of https://github.com/letsencrypt/boulder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
boulder/goodkey
History
Roland Bracewell Shoemaker 56898e8953
Log RSA key sizes in WFE/WFE2 and add feature to restrict them (#4839) 
Currently 99.99% of RSA keys we see in certificates at Let's Encrypt are
either 2048, 3072, or 4096 bits, but we support every 8 bit increment
between 2048 and 4096. Supporting these uncommon key sizes opens us up to
having to block much larger ranges of keys when dealing with something
like the Debian weak keys incident. Instead we should just reduce the
set of key sizes we support down to what people actually use.

Fixes #4835.
 		2020-06-08 11:23:27 -07:00
..
blocked.go Block keys using hex(sha256(spki)). (#4745) 2020-04-09 09:41:33 -07:00
blocked_test.go Add a blocked keys table, and use it (#4773) 2020-04-15 13:42:51 -07:00
good_key.go Log RSA key sizes in WFE/WFE2 and add feature to restrict them (#4839) 2020-06-08 11:23:27 -07:00
good_key_test.go Log RSA key sizes in WFE/WFE2 and add feature to restrict them (#4839) 2020-06-08 11:23:27 -07:00
weak.go Add tool to search for certificates containing debian weak keys (#3077) 2017-09-13 10:59:58 -07:00
weak_test.go Add tool to search for certificates containing debian weak keys (#3077) 2017-09-13 10:59:58 -07:00