upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-28 04:34:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch '4222-inline-system-test-ns7-fails-to-start' into 'main'

Browse source 
Change RSASHA256 key length to be FIPS compliant

Closes #4222

See merge request isc-projects/bind9!8131
This commit is contained in:
Matthijs Mekking 2023-07-25 06:42:17 +00:00
commit 539a4581ea
2 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
bin/tests/system/inline/ns7/named.conf.in
View file

@ -53,7 +53,7 @@ dnssec-policy "nsec3" {
keys {
ksk key-directory lifetime unlimited algorithm RSASHA256 2048;
zsk key-directory lifetime unlimited algorithm RSASHA256 2048;
zsk key-directory lifetime unlimited algorithm RSASHA256 1024;
zsk key-directory lifetime unlimited algorithm RSASHA256 4096;
};
nsec3param iterations 0 optout no salt-length 0;

2
bin/tests/system/inline/ns7/sign.sh
View file

@ -19,6 +19,6 @@
zone=nsec3-loop
rm -f K${zone}.+*+*.key
rm -f K${zone}.+*+*.private
keyname=$($KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone)
keyname=$($KEYGEN -q -a RSASHA256 -b 4096 -n zone $zone)
keyname=$($KEYGEN -q -a RSASHA256 -b 2048 -n zone $zone)
keyname=$($KEYGEN -q -a RSASHA256 -b 2048 -n zone -f KSK $zone)