* CA/Browser Forum’s Ballot SC31 to reduce TLS certificates to 398 days from the present 825 days.
@ 2020-09-14 20:07 Bruce Mitchell
0 siblings, 0 replies; only message in thread
From: Bruce Mitchell @ 2020-09-14 20:07 UTC (permalink / raw)
To: openbmc
The change to reduce the maximum validity period of TLS certificates to 398 days is being discussed in the CA/Browser Forum’s Ballot SC31
https://github.com/cabforum/documents/pull/195
https://blog.mozilla.org/security/2020/07/09/reducing-tls-certificate-lifespans-to-398-days/
> -----Original Message-----
> From: Bruce Mitchell
> Sent: Wednesday, February 12, 2020 09:53
> To: openbmc@lists.ozlabs.org
> Subject: bmcweb Security issue
>
> bmcweb Security issue: according to the The CA/Browser Forum
> https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-
> 1.6.7.pdf ;
> Subscriber Certificates issued after 1 March 2018 MUST have a Validity
> Period no greater than 825 days.
>
> In bmcweb's ssl_key_handler.hpp we have:
> // Cert is valid for 10 years
> X509_gmtime_adj(X509_get_notAfter(x509),
> 60L * 60L * 24L * 365L * 10L);
>
> I believe we want this changed to the 825 days.
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2020-09-14 20:07 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-09-14 20:07 CA/Browser Forum’s Ballot SC31 to reduce TLS certificates to 398 days from the present 825 days Bruce Mitchell
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.