aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPaul Spooren <mail@aparcar.org>2020-08-31 11:39:39 -1000
committerDaniel Golle <daniel@makrotopia.org>2020-11-09 10:54:29 +0000
commit753309c7ddbe2efc7adf288af7f5b170f4f29674 (patch)
treee89c2816ac44ca447c7d5997225e48b81c69b7a0
parentfcd3e13779ca644bfbb0940f39fdf13203bf8211 (diff)
downloadupstream-753309c7ddbe2efc7adf288af7f5b170f4f29674.tar.gz
upstream-753309c7ddbe2efc7adf288af7f5b170f4f29674.tar.bz2
upstream-753309c7ddbe2efc7adf288af7f5b170f4f29674.zip
uhttpd: use P-256 for certs
The uhttpd package takes care of creating self-signed certificates if px5g is installed. This improves the security of router management as it encrypts the LuCI connection. The EC P-256 curve is faster than RSA which which improves the user experience on embedded devices. EC P-256 is support for as old devices as Android 4.4. Signed-off-by: Paul Spooren <mail@aparcar.org>
-rw-r--r--package/network/services/uhttpd/files/uhttpd.config4
1 files changed, 2 insertions, 2 deletions
diff --git a/package/network/services/uhttpd/files/uhttpd.config b/package/network/services/uhttpd/files/uhttpd.config
index f368d08e8b..aeded08afc 100644
--- a/package/network/services/uhttpd/files/uhttpd.config
+++ b/package/network/services/uhttpd/files/uhttpd.config
@@ -119,13 +119,13 @@ config cert defaults
option days 730
# key type: rsa or ec
- option key_type rsa
+ option key_type ec
# RSA key size
option bits 2048
# EC curve name
- # Curve names vary between mbedtls/px5g and openssl
+ # Curve names vary between px5g-{wolfssl,mbedtls} and openssl
# P-256 or P-384 are guaranteed to work
option ec_curve P-256