From 753309c7ddbe2efc7adf288af7f5b170f4f29674 Mon Sep 17 00:00:00 2001
From: Paul Spooren <mail@aparcar.org>
Date: Mon, 31 Aug 2020 11:39:39 -1000
Subject: uhttpd: use P-256 for certs

The uhttpd package takes care of creating self-signed certificates if
px5g is installed. This improves the security of router management as it
encrypts the LuCI connection.

The EC P-256 curve is faster than RSA which which improves the user
experience on embedded devices. EC P-256 is support for as old devices
as Android 4.4.

Signed-off-by: Paul Spooren <mail@aparcar.org>
---
 package/network/services/uhttpd/files/uhttpd.config | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/network/services/uhttpd/files/uhttpd.config b/package/network/services/uhttpd/files/uhttpd.config
index f368d08e8b..aeded08afc 100644
--- a/package/network/services/uhttpd/files/uhttpd.config
+++ b/package/network/services/uhttpd/files/uhttpd.config
@@ -119,13 +119,13 @@ config cert defaults
 	option days		730
 
 	# key type: rsa or ec
-	option key_type		rsa
+	option key_type		ec
 
 	# RSA key size
 	option bits		2048
 
 	# EC curve name
-	# Curve names vary between mbedtls/px5g and openssl
+	# Curve names vary between px5g-{wolfssl,mbedtls} and openssl
 	# P-256 or P-384 are guaranteed to work
 	option ec_curve		P-256
 
-- 
cgit v1.2.3