From: Aurelien Jarno <aurelien@aurel32.net>
Date: Wed, 3 Apr 2019 08:35:22 +0000 (+0200)
Subject: Use modern cryptography for NTP keys
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=0d7a7ecc227c6a5f86081b4abb494daa4fdc713e;p=mirror%2Fdsa-puppet.git

Use modern cryptography for NTP keys
---

diff --git a/modules/ntp/files/etc-default-ntp b/modules/ntp/files/etc-default-ntp
index 91790cd4f..d5bcb4287 100644
--- a/modules/ntp/files/etc-default-ntp
+++ b/modules/ntp/files/etc-default-ntp
@@ -41,6 +41,6 @@ if ! [ -e "$KEYSDIR/ntpkey_cert_$h" ] ||
 	# on the client this is all we need:
 	if [ -x /usr/sbin/ntp-keygen ] ; then
 		[ -d "$KEYSDIR" ] || install -d -o root -g ntp -m 770 "$KEYSDIR"
-		( cd "$KEYSDIR" && RANDFILE=/dev/urandom /usr/sbin/ntp-keygen -I -H -c RSA-SHA1 -m 1024 )
+		( cd "$KEYSDIR" && RANDFILE=/dev/urandom /usr/sbin/ntp-keygen -I -H -c RSA-SHA256 -m 2048 )
 	fi
 fi