[cabfpub] CISCO issue
agl at google.com
Fri Jan 24 16:12:08 UTC 2014
On Fri, Jan 24, 2014 at 2:49 AM, <i-barreira at izenpe.net> wrote:
> These kinds of accelerators are used to increase the performance of the
> SSL connections.
> The problem so far is that these products don't support RSA 4096 bits
> because of performance reasons, according to CISCO's answers, and our CAs' key
> lengths are 4K. The good news is that the latest software version
> available (A5-3.0 in January 2014) supports TLS 1.1 and TLS 1.2.

SSL terminator devices often have key length restrictions on the size of
the leaf key - i.e. the key that they are performing decryptions and
signatures with. However, the size of the issuing CA's key isn't a factor:
that's just bytes in the certificate chain that it sends.
Are you sure that there just hasn't been a miscommunication? I suspect that
you'll find that a 2048-bit certificate signed with a 4096-bit certificate
will be just fine.
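
The point made in the reply above can be checked on a test machine. The script below is an added example, not part of the original thread: it uses the openssl CLI to build a 4096-bit RSA CA and a 2048-bit RSA leaf, then confirms that the chain verifies while the private-key operation done with the leaf key stays 2048-bit. The CN values, file names and function names are made up for this example.

```shell
#!/bin/sh
# Constructed lab; CN values and file names are made up for this example.

# Create a 4096-bit RSA CA and a 2048-bit RSA leaf signed by it, in directory $1.
build_chain() {
    dir=$1
    # Minimal config so the run does not depend on a system openssl.cnf.
    printf '%s\n' '[req]' 'distinguished_name = dn' '[dn]' \
        '[v3_ca]' 'basicConstraints = critical,CA:TRUE' > "$dir/lab.cnf"
    # Issuing CA: 4096-bit key. This private key never leaves the CA.
    openssl req -x509 -newkey rsa:4096 -nodes -sha256 -days 30 \
        -config "$dir/lab.cnf" -extensions v3_ca -subj "/CN=Example Lab CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    # Leaf: 2048-bit key. This is the only private key the terminator holds.
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/lab.cnf" \
        -subj "/CN=tls.example.test" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null || return 1
    # The CA signs the leaf with its 4096-bit key.
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -sha256 -days 30 -out "$dir/leaf.pem" 2>/dev/null
}

# Print the public key size, in bits, of the certificate in file $1.
key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit).*/\1/p' | head -n 1
}

# Print the size in bytes of a signature made with the leaf private key,
# i.e. the size of the private-key operation the terminator performs.
leaf_sig_bytes() {
    printf 'handshake transcript stand-in' |
        openssl dgst -sha256 -sign "$1/leaf.key" | wc -c | tr -d ' '
}

lab=$(mktemp -d)
build_chain "$lab" || { echo "openssl failed" >&2; exit 1; }
echo "CA key bits:    $(key_bits "$lab/ca.pem")"
echo "leaf key bits:  $(key_bits "$lab/leaf.pem")"
echo "leaf sig bytes: $(leaf_sig_bytes "$lab")"
openssl verify -CAfile "$lab/ca.pem" "$lab/leaf.pem"
rm -rf "$lab"
```

The 4096-bit CA key shows up only as the issuer's signature inside `leaf.pem` and as the public key in `ca.pem`; every signature the server side produces comes from the 2048-bit leaf key.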