Re: SSL tests failing with "ee key too small" error on Debian SID

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>
Cc: Kyotaro HORIGUCHI <horiguchi(dot)kyotaro(at)lab(dot)ntt(dot)co(dot)jp>, michael(at)paquier(dot)xyz, pgsql-hackers(at)postgresql(dot)org, hlinnaka(at)iki(dot)fi
Subject: Re: SSL tests failing with "ee key too small" error on Debian SID
Date: 2018-11-27 14:37:17
Message-ID: 32191.1543329437@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> writes:
> On 01/10/2018 14:18, Kyotaro HORIGUCHI wrote:
>> The attached second patch just changes key size to 2048 bits and
>> "ee key too small" are eliminated in 001_ssltests_master, but
>> instead I got "ca md too weak" error. This is eliminated by using
>> sha256 instead of sha1 in cas.config. (third attached)

> I have applied these configuration changes and created a new set of test
> files with them.

Buildfarm critters aren't going to be happy unless you back-patch that.

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Stephen Frost 2018-11-27 14:39:23 Re: pgsql: Integrate recovery.conf into postgresql.conf
Previous Message Peter Eisentraut 2018-11-27 14:36:59 Re: Continue work on changes to recovery.conf API