diff options
| author | Paul Spooren <mail@aparcar.org> | 2020-08-31 11:39:39 -1000 |
|---|---|---|
| committer | Daniel Golle <daniel@makrotopia.org> | 2020-11-09 10:54:29 +0000 |
| commit | 753309c7ddbe2efc7adf288af7f5b170f4f29674 (patch) | |
| tree | e89c2816ac44ca447c7d5997225e48b81c69b7a0 | |
| parent | fcd3e13779ca644bfbb0940f39fdf13203bf8211 (diff) | |
| download | upstream-753309c7ddbe2efc7adf288af7f5b170f4f29674.tar.gz upstream-753309c7ddbe2efc7adf288af7f5b170f4f29674.tar.bz2 upstream-753309c7ddbe2efc7adf288af7f5b170f4f29674.zip | |
uhttpd: use P-256 for certs
The uhttpd package takes care of creating self-signed certificates if
px5g is installed. This improves the security of router management as it
encrypts the LuCI connection.
The EC P-256 curve is faster than RSA which which improves the user
experience on embedded devices. EC P-256 is support for as old devices
as Android 4.4.
Signed-off-by: Paul Spooren <mail@aparcar.org>
| -rw-r--r-- | package/network/services/uhttpd/files/uhttpd.config | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/package/network/services/uhttpd/files/uhttpd.config b/package/network/services/uhttpd/files/uhttpd.config index f368d08e8b..aeded08afc 100644 --- a/package/network/services/uhttpd/files/uhttpd.config +++ b/package/network/services/uhttpd/files/uhttpd.config @@ -119,13 +119,13 @@ config cert defaults option days 730 # key type: rsa or ec - option key_type rsa + option key_type ec # RSA key size option bits 2048 # EC curve name - # Curve names vary between mbedtls/px5g and openssl + # Curve names vary between px5g-{wolfssl,mbedtls} and openssl # P-256 or P-384 are guaranteed to work option ec_curve P-256 |