Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade to tls.0.13.0 #23

Merged
merged 1 commit into from
Apr 14, 2021
Merged

Upgrade to tls.0.13.0 #23

merged 1 commit into from
Apr 14, 2021

Conversation

dinosaure
Copy link
Contributor

A possible way to upgrade letsencrypt with tls.0.13.0. I consider any other (than RSA) type of accound-key as unsupported.

@dinosaure
Copy link
Contributor Author

/cc @hannesm

@dinosaure
Copy link
Contributor Author

Let’s Encrypt accepts RSA keys that are 2048, 3072, or 4096 bits in length and P-256 or P-384 ECDSA keys. That’s true for both account keys and certificate keys. You can’t reuse an account key as a certificate key.

It's seems that let's encrypt support P-256 and P-384 account-key. Should we support them?

@hannesm
Copy link
Collaborator

hannesm commented Apr 14, 2021

the issue is a bit deeper, we'll need JWA support for that (and then there's the question about switching to the opam jose package instead of the custom implementation). this PR seems to address the bin/oacmel only, I'm wondering whether the library needs some adaption as well (but eventually it does not).

@hannesm hannesm merged commit 91da5bb into robur-coop:master Apr 14, 2021
@hannesm
Copy link
Collaborator

hannesm commented Apr 14, 2021

thanks, this is fine for unblocking the release train.

hannesm added a commit to hannesm/opam-repository that referenced this pull request Apr 14, 2021
CHANGES:

* adapt to X.509 0.12.0 (robur-coop/ocaml-letsencrypt#23 @dinosaure) by completing the pattern match in
  oacmel (still, only RSA account keys are supported)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

2 participants