-2

This is related to this bug report:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747453

OpenSSL contains a set of arbitrary limitations on the size of accepted key parameters that make unrelated software fail to establish secure connections. The problem was found while debugging an XMPP s2s connection issue where two servers with long certificate keys (8192-bit RSA) failed to establish a secure connection because OpenSSL rejected the handshake.

This seems to be a small problem to fix, but although there is an easy patch available to fix the issue in that bug report, no reactions have been noticed so far.

The last patch that broke the 2048 barrier took 2 years to be implemented and only resulted in an increase to 4096 bit, which seems to be a bad joke.

Where would we have to report this to speed up the implementation for such an issue?

rubo77

1 Answer

1

The best thing to do would be to choose a distribution that doesn't cause you pain.

For instance, on Gentoo and Ubuntu, with everything updated to the latest stable versions as of today (Gentoo ~x86), I am able to use 16384-bit RSA keys with openssl without issue.

You can't do anything to force a distribution to improve itself unless you're part of that distribution's leadership. Reporting the bug and making noise toward people who can commit the fix is all you can do.

Falcon Momot