FlashFXP Forums - View Single Post

Yil · 01-08-2015, 06:09 AM

Check out MakeCert in OpenSSL.c, in particular you'll want RSA_generate_key_ex() to up it from 1024 to whatever. I honestly don't know if using 4096 bits is supported everywhere though. I think I remember reading google was going to 2048 with their public cert so I would assume most encryption libraries can handle that, but just can't say for sure with 4096 but I think it should be OK.

Given that so few (maybe you and one other person) have even tried to compile the code I've just been lazy with using a code repository. If you do find yourself doing more than tweaking the cert size I'll see about putting it online somewhere.

The one other thing I think you'll want to look at is the GetSslOptionBit() function. I'm not a big OpenSSL user so I really don't know if there is a built-in library function to parse text into bits so I wrote that one. There is obviously one to take the wanted cypher text and generate a list of cypers from that, but I didn't see one for options but the docs kinda suck. I think I even searched the code for some of the rare text strings and didn't turn up any conversion function but they may have added one or I just missed it. The obvious issue is it's probably missing a new option or three by now so I'd update that since you're likely using the latest OpenSSL libs.

01-08-2015, 06:09 AM
Yil Too much time... Join Date: May 2005 Posts: 1,194	Check out MakeCert in OpenSSL.c, in particular you'll want RSA_generate_key_ex() to up it from 1024 to whatever. I honestly don't know if using 4096 bits is supported everywhere though. I think I remember reading google was going to 2048 with their public cert so I would assume most encryption libraries can handle that, but just can't say for sure with 4096 but I think it should be OK. Given that so few (maybe you and one other person) have even tried to compile the code I've just been lazy with using a code repository. If you do find yourself doing more than tweaking the cert size I'll see about putting it online somewhere. The one other thing I think you'll want to look at is the GetSslOptionBit() function. I'm not a big OpenSSL user so I really don't know if there is a built-in library function to parse text into bits so I wrote that one. There is obviously one to take the wanted cypher text and generate a list of cypers from that, but I didn't see one for options but the docs kinda suck. I think I even searched the code for some of the rare text strings and didn't turn up any conversion function but they may have added one or I just missed it. The obvious issue is it's probably missing a new option or three by now so I'd update that since you're likely using the latest OpenSSL libs.