1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSL certificate contains weak key

Discussion in 'Tomato Firmware' started by gfunkdave, May 2, 2013.

  1. gfunkdave

    gfunkdave LI Guru Member

    On a lark, I set Tomato to use HTTPS for administration and installed its self-signed certificate on my PC. I still get an error, however, that the certificate contains a weak key. I checked, and sure enough it's a 512 bit key. Can we boost that up to 2048 bit? Or is it such a short key dues to NVRAM space constraints?

  2. jerrm

    jerrm Network Guru Member

    Shibby went to a 2048 bit key in the last few revisions. Toastman hasn't yet. Don't know if he has a reason, or if it just wasn't on his radar.
  3. shibby20

    shibby20 Network Guru Member

  4. Kevin Darbyshire-Bryant

    Kevin Darbyshire-Bryant Networkin' Nut Member

    And there goes another 1.5K in NVRAM!

    On the other hand this is becoming a mandatory fix, there are certain combinations of IE and windows updates that now refuse to allow you to browse to websites with 'short' keys. The fact the CN & ip address etc don't match can be ignored...it just won't let you use short encryption keys.
  5. shibby20

    shibby20 Network Guru Member

    but you dont have to save cert to nvram. You can leave it in ram and after reboot it will be re-gerenate. This way allow you save some space in nvram.

Share This Page