cat-users - Re: [[cat-users]] EC radius certificate < 1024bits

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

  • From: Stefan Winter <stefan.winter AT restena.lu>
  • To: Francesco Malvezzi <francesco.malvezzi AT unimore.it>, cat-users AT lists.geant.org
  • Subject: Re: [[cat-users]] EC radius certificate < 1024bits
  • Date: Thu, 1 Mar 2018 14:12:48 +0100
  • Openpgp: id=AD3091F3AB24E05F4F722C03C0DE6A358A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Hello,

> I have changed the radius certificate with a ECDH cert generated from
> OpenSSL (prime256v1).
>
> The sanity check CAT tool complains it is too short (< 1024 bits). May I
> ignore the warning?

The key length check was indeed written with the implicit assumption
that we're talking RSA keys.

For ECDH keys, you indeed ignore the warning, and I'll update the code
base to check for that.

It would be helpful to get a copy of your server cert as a test object.

However, out of curiosity: do you already use this in production? What
is the support landscape for EC certificates across typical client
devices? Do you see any incompatibilities?

Greetings,

Stefan Winter

--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature
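
The fix discussed in this message, a size check that looks at the key type before comparing bit counts, sketched with the OpenSSL command line as an added example (not CAT's code and not part of the original mail). The function names, the test CN and the 256-bit EC minimum are assumptions; the 1024-bit RSA minimum is the limit quoted in the warning.

```shell
#!/usr/bin/env bash
# Added example (not CAT's code): a key-size check that depends on key type.
# Assumptions: function names, test CN, and the EC minimum of 256 bits.

# key_info CERT.pem -> "<algorithm> <bits>" taken from openssl's text dump
key_info() {
  openssl x509 -in "$1" -noout -text | awk '
    /Public Key Algorithm:/   { alg = $NF }
    /Public-Key: \(/ && !seen { gsub(/[^0-9]/, ""); print alg, $0; seen = 1 }'
}

# judge_key ALG BITS -> verdict on stdout; status 0 ok, 1 too short, 2 no rule
judge_key() {
  local alg=$1 bits=$2 min
  case "$alg" in
    rsaEncryption)  min=1024 ;;  # RSA: modulus size, limit from the warning
    id-ecPublicKey) min=256  ;;  # EC: curve size, e.g. prime256v1 (assumed)
    *) echo "no size rule for key type '$alg'"; return 2 ;;
  esac
  case "$bits" in
    ''|*[!0-9]*) echo "no key size found for $alg"; return 2 ;;
  esac
  if [ "$bits" -ge "$min" ]; then
    echo "ok: $alg $bits bit (minimum $min)"
  else
    echo "too short: $alg $bits bit (minimum $min)"; return 1
  fi
}

# check_cert CERT.pem -> verdict for the key in that certificate
check_cert() {
  set -- $(key_info "$1")
  judge_key "${1:-}" "${2:-}"
}

# demo: build throwaway self-signed certificates (constructed test data)
demo() {
  local d; d=$(mktemp -d)
  openssl ecparam -name prime256v1 -genkey -noout -out "$d/ec.key"
  openssl req -new -x509 -key "$d/ec.key" -days 1 \
    -subj "/CN=radius.example.org" -out "$d/ec.pem"
  openssl req -new -x509 -newkey rsa:2048 -nodes -keyout "$d/rsa.key" -days 1 \
    -subj "/CN=radius.example.org" -out "$d/rsa.pem" 2>/dev/null
  check_cert "$d/ec.pem"; check_cert "$d/rsa.pem"
  rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run the file with the argument `demo` to generate the two throwaway certificates and print a verdict for each.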



