Bug 3862 - Generate TLS keys and certificates on target system
Summary: Generate TLS keys and certificates on target system
Status: NEW
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Other (show other bugs)
Version: 3.1.2
Hardware: PC All
: P2 Enhancement
Target Milestone: MediumPrio
Assignee: Bugzilla mail exporter
Depends on:
Reported: 2011-07-01 17:46 CEST by Pierre Ossman
Modified: 2021-06-09 09:37 CEST (History)
0 users

See Also:
Acceptance Criteria:


Description Pierre Ossman cendio 2011-07-01 17:46:24 CEST
Right now we ship with hard coded DH parameters and a default certificate. That means that security is rather poor as every tladm installation will by default have the same encryption.

We should do what most other servers do, and generate these things on the target system.

(Actually, we can probably keep the DH params hard coded. It seems that this is commonly done, although I don't quite understand the security implications of it. We could at least generate new ones as part of the build.)
Comment 1 Pierre Ossman cendio 2011-12-06 13:27:18 CET
New, ThinLinc-specific DH parameters in r23603.
Comment 2 Pierre Ossman cendio 2021-06-09 09:37:08 CEST
Diffie-Hellman parameters should ideally not be generated these days (see bug 7723), so this bug is now just about our certificates.

Note You need to log in before you can comment on or make changes to this bug.