3862 – Generate TLS keys and certificates on target system

Bug 3862 - Generate TLS keys and certificates on target system

Summary: Generate TLS keys and certificates on target system

Status:	NEW

Alias:	None

Product:	ThinLinc
Classification:	Unclassified
Component:	Other (show other bugs)
Version:	3.1.2
Hardware:	PC All

Importance:	P2 Enhancement
Target Milestone:	MediumPrio
Assignee:	Bugzilla mail exporter

URL:
Keywords:

Depends on:
Blocks:

Reported:	2011-07-01 17:46 CEST by Pierre Ossman
Modified:	2021-06-09 09:37 CEST (History)
CC List:	0 users

See Also:	7723
Acceptance Criteria:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Pierre Ossman cendio

2011-07-01 17:46:24 CEST

Right now we ship with hard coded DH parameters and a default certificate. That means that security is rather poor as every tladm installation will by default have the same encryption.

We should do what most other servers do, and generate these things on the target system.

(Actually, we can probably keep the DH params hard coded. It seems that this is commonly done, although I don't quite understand the security implications of it. We could at least generate new ones as part of the build.)

Comment 1 Pierre Ossman cendio

2011-12-06 13:27:18 CET

New, ThinLinc-specific DH parameters in r23603.

Comment 2 Pierre Ossman cendio

2021-06-09 09:37:08 CEST

Diffie-Hellman parameters should ideally not be generated these days (see bug 7723), so this bug is now just about our certificates.

Note You need to log in before you can comment on or make changes to this bug.