f3f1f9c919
Use AES (the successor of DES) to encrypt private key. Further reading: * http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf * https://ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices.pdf "3DES provides about 112 bits of security. This is below the recommended minimum of 128 bits, but it's still strong enough. A bigger practical problem is that 3DES is much slower than the alternatives. Thus, we don't recommend it for performance reasons, but it can be kept at the end of the cipher list for interoperability with very old clients." * http://csrc.nist.gov/publications/nistpubs/800-67-Rev1/SP-800-67-Rev1.pdf Use SHA256 for our CA. This avoids accidental use of SHA1 or MD5 which could be default values. Signed-off-by: Lorenz Leutgeb <lorenz.leutgeb@gmail.com> Upstream-commit: a3d5f874c108d3e7d58a7f86c0ef0eea6fcca85f Component: engine