From faffde1f970c0786d0256e4d51725fbe2ceda063 Mon Sep 17 00:00:00 2001
From: Clark Boylan
Date: Thu, 27 Apr 2017 09:54:27 -0700
Subject: [PATCH] Use string cert CA defaults
Switch from sha1 to sha256 and from 1024 bits to 2048 bits. Do this because things don't like the old inseucre sha1+1024bits combo.
Change-Id: Iae2958969aed0cd880844e19e8055c8bdc7d064d
---
 lib/tls | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/tls b/lib/tls
index 238687c5dd..7c6b967bc4 100644
--- a/lib/tls
+++ b/lib/tls
@@ -113,11 +113,11 @@ new_certs_dir = \$dir/newcerts
 certificate = \$dir/cacert.pem
 private_key = \$dir/private/cacert.key
 RANDFILE = \$dir/private/.rand
-default_md = default
+default_md = sha256
 [ req ]
-default_bits = 1024
-default_md = sha1
+default_bits = 2048
+default_md = sha256
 prompt = no
 distinguished_name = ca_distinguished_name
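Review bot: The new `default_bits = 2048` and `default_md = sha256` values are only config defaults, so they apply only where the openssl calls that read this config do not pass their own key size or digest. Those calls are outside this hunk, and an explicit `-newkey rsa:1024` or `-sha1` argument there would still override the config. It is worth checking the rest of lib/tls for such arguments and confirming the result with `openssl x509 -in cacert.pem -noout -text`, which should show a 2048-bit public key and a sha256WithRSAEncryption signature. CA files left behind by an earlier run presumably keep their SHA-1/1024-bit material until they are regenerated; the hunk does not show whether that happens. Since openssl config files accept `#` comments, a line such as `# sha256 + 2048-bit RSA: SHA-1 signatures and 1024-bit keys are refused by current TLS stacks` above the changed values would record why they are pinned.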