[2.7] bpo-34399: 2048 bits RSA keys and DH params (GH-8762) (GH-8765)
Downstream vendors have started to deprecate weak keys. Update all RSA keys
and DH params to use at least 2048 bits.
Finite field DH param file uses RFC 7919 values, generated with
certtool --get-dh-params --sec-param=high
Signed-off-by: Christian Heimes <christian@python.org>.
(cherry picked from commit 88bfd0bce05043f658e50addd21366f317995e35)
Co-authored-by: Christian Heimes <christian@python.org>
diff --git a/Lib/test/pycacert.pem b/Lib/test/pycacert.pem
index 09b1f3e..850fa32 100644
--- a/Lib/test/pycacert.pem
+++ b/Lib/test/pycacert.pem
@@ -1,78 +1,79 @@
Certificate:
Data:
Version: 3 (0x2)
- Serial Number: 12723342612721443280 (0xb09264b1f2da21d0)
+ Serial Number:
+ 82:ed:bf:41:c8:80:91:9b
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=XY, O=Python Software Foundation CA, CN=our-ca-server
Validity
- Not Before: Jan 4 19:47:07 2013 GMT
- Not After : Jan 2 19:47:07 2023 GMT
+ Not Before: Jan 19 19:09:06 2018 GMT
+ Not After : Jan 17 19:09:06 2028 GMT
Subject: C=XY, O=Python Software Foundation CA, CN=our-ca-server
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
- 00:e7:de:e9:e3:0c:9f:00:b6:a1:fd:2b:5b:96:d2:
- 6f:cc:e0:be:86:b9:20:5e:ec:03:7a:55:ab:ea:a4:
- e9:f9:49:85:d2:66:d5:ed:c7:7a:ea:56:8e:2d:8f:
- e7:42:e2:62:28:a9:9f:d6:1b:8e:eb:b5:b4:9c:9f:
- 14:ab:df:e6:94:8b:76:1d:3e:6d:24:61:ed:0c:bf:
- 00:8a:61:0c:df:5c:c8:36:73:16:00:cd:47:ba:6d:
- a4:a4:74:88:83:23:0a:19:fc:09:a7:3c:4a:4b:d3:
- e7:1d:2d:e4:ea:4c:54:21:f3:26:db:89:37:18:d4:
- 02:bb:40:32:5f:a4:ff:2d:1c:f7:d4:bb:ec:8e:cf:
- 5c:82:ac:e6:7c:08:6c:48:85:61:07:7f:25:e0:5c:
- e0:bc:34:5f:e0:b9:04:47:75:c8:47:0b:8d:bc:d6:
- c8:68:5f:33:83:62:d2:20:44:35:b1:ad:81:1a:8a:
- cd:bc:35:b0:5c:8b:47:d6:18:e9:9c:18:97:cc:01:
- 3c:29:cc:e8:1e:e4:e4:c1:b8:de:e7:c2:11:18:87:
- 5a:93:34:d8:a6:25:f7:14:71:eb:e4:21:a2:d2:0f:
- 2e:2e:d4:62:00:35:d3:d6:ef:5c:60:4b:4c:a9:14:
- e2:dd:15:58:46:37:33:26:b7:e7:2e:5d:ed:42:e4:
- c5:4d
+ 00:c3:18:69:6b:c9:47:29:98:8e:b1:56:c2:2e:fa:
+ 0e:5e:bc:23:80:b3:07:62:24:d2:42:5b:f1:4a:bf:
+ a9:c8:21:75:c8:e3:e6:2c:1f:87:3c:6e:7c:1b:ed:
+ 39:32:95:b7:40:b2:60:48:c3:9a:16:08:fe:6d:67:
+ 88:34:3b:77:77:70:1c:70:5a:d1:1f:5f:04:21:54:
+ b9:0c:e3:41:85:1d:58:ee:2f:ed:f3:0e:ef:d8:23:
+ a1:fa:73:fb:4c:28:e0:e5:e6:4d:0b:02:52:49:86:
+ c7:be:7e:bd:e6:56:76:8b:70:8e:0a:8f:06:33:20:
+ 1d:7b:5b:aa:d0:c5:1b:ab:9b:cc:54:09:3c:bf:e4:
+ 40:66:f1:fb:d6:f7:16:9d:c4:19:d4:c3:f2:ff:07:
+ bc:6f:5a:9e:25:1b:02:4a:a5:ec:42:96:3a:70:d2:
+ 6c:99:2b:ce:be:e8:d2:01:ef:d5:ba:b0:cf:94:3e:
+ 82:d0:01:d6:4b:71:80:03:0a:12:45:86:79:81:d8:
+ 4b:d2:e8:b5:b7:2c:6c:9a:4c:8a:10:10:e4:e4:f5:
+ df:ce:84:91:ca:d1:46:e0:84:73:17:66:db:69:43:
+ 78:80:83:be:14:4d:f1:3e:1a:d6:6c:f5:de:45:f3:
+ 39:af:91:d5:3d:54:44:bf:41:cc:73:68:1a:fc:24:
+ db:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- BC:DD:62:D9:76:DA:1B:D2:54:6B:CF:E0:66:9B:1E:1E:7B:56:0C:0B
+ 9A:CF:CF:6E:EB:71:3D:DB:3C:F1:AE:88:6B:56:72:03:CB:08:A7:48
X509v3 Authority Key Identifier:
- keyid:BC:DD:62:D9:76:DA:1B:D2:54:6B:CF:E0:66:9B:1E:1E:7B:56:0C:0B
+ keyid:9A:CF:CF:6E:EB:71:3D:DB:3C:F1:AE:88:6B:56:72:03:CB:08:A7:48
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
- 7d:0a:f5:cb:8d:d3:5d:bd:99:8e:f8:2b:0f:ba:eb:c2:d9:a6:
- 27:4f:2e:7b:2f:0e:64:d8:1c:35:50:4e:ee:fc:90:b9:8d:6d:
- a8:c5:c6:06:b0:af:f3:2d:bf:3b:b8:42:07:dd:18:7d:6d:95:
- 54:57:85:18:60:47:2f:eb:78:1b:f9:e8:17:fd:5a:0d:87:17:
- 28:ac:4c:6a:e6:bc:29:f4:f4:55:70:29:42:de:85:ea:ab:6c:
- 23:06:64:30:75:02:8e:53:bc:5e:01:33:37:cc:1e:cd:b8:a4:
- fd:ca:e4:5f:65:3b:83:1c:86:f1:55:02:a0:3a:8f:db:91:b7:
- 40:14:b4:e7:8d:d2:ee:73:ba:e3:e5:34:2d:bc:94:6f:4e:24:
- 06:f7:5f:8b:0e:a7:8e:6b:de:5e:75:f4:32:9a:50:b1:44:33:
- 9a:d0:05:e2:78:82:ff:db:da:8a:63:eb:a9:dd:d1:bf:a0:61:
- ad:e3:9e:8a:24:5d:62:0e:e7:4c:91:7f:ef:df:34:36:3b:2f:
- 5d:f5:84:b2:2f:c4:6d:93:96:1a:6f:30:28:f1:da:12:9a:64:
- b4:40:33:1d:bd:de:2b:53:a8:ea:be:d6:bc:4e:96:f5:44:fb:
- 32:18:ae:d5:1f:f6:69:af:b6:4e:7b:1d:58:ec:3b:a9:53:a3:
- 5e:58:c8:9e
+ 10:25:c8:dc:0c:55:5c:cb:83:6e:79:ef:77:ec:0d:8e:0c:06:
+ c1:4b:0c:d6:f7:75:52:21:b8:17:4a:38:88:9d:b3:78:c4:42:
+ fb:b8:7c:14:38:10:fb:ac:da:11:00:5b:42:87:5e:45:9f:6d:
+ 4e:42:a4:9a:18:06:39:0f:45:a6:96:89:32:d6:59:b3:d3:8e:
+ e3:95:b6:c4:a2:4b:74:2f:67:c1:fb:bb:f9:72:6f:37:4a:e7:
+ f4:48:33:71:df:b8:f5:e6:41:3f:d5:d5:2f:26:09:f8:0e:92:
+ ff:70:ea:f6:ab:58:fb:90:04:d6:43:2e:8f:b1:fb:06:ab:69:
+ d0:dc:a8:f8:5b:07:f2:d4:66:1f:63:f8:5d:c1:9e:41:44:bb:
+ c9:e8:7d:e0:46:e4:a7:c8:32:5f:31:62:e5:1c:5c:89:dd:b7:
+ a2:4f:9e:0d:13:b8:5f:b1:84:53:4c:1f:ce:19:e1:01:00:5e:
+ bf:41:55:94:a9:a5:13:db:f2:59:f3:d6:4e:b9:9d:9d:b9:0a:
+ d9:b2:18:6d:7c:b1:f7:96:aa:bd:f6:f9:95:0f:4a:6e:3c:7c:
+ 46:5b:df:d4:78:ec:9a:dc:e2:e3:01:e6:88:77:39:93:9c:ba:
+ 2a:63:f9:25:4b:4f:ac:08:79:39:c6:7b:df:07:35:ba:c0:c2:
+ 50:bf:5a:81
-----BEGIN CERTIFICATE-----
-MIIDbTCCAlWgAwIBAgIJALCSZLHy2iHQMA0GCSqGSIb3DQEBBQUAME0xCzAJBgNV
+MIIDbTCCAlWgAwIBAgIJAILtv0HIgJGbMA0GCSqGSIb3DQEBBQUAME0xCzAJBgNV
BAYTAlhZMSYwJAYDVQQKDB1QeXRob24gU29mdHdhcmUgRm91bmRhdGlvbiBDQTEW
-MBQGA1UEAwwNb3VyLWNhLXNlcnZlcjAeFw0xMzAxMDQxOTQ3MDdaFw0yMzAxMDIx
-OTQ3MDdaME0xCzAJBgNVBAYTAlhZMSYwJAYDVQQKDB1QeXRob24gU29mdHdhcmUg
+MBQGA1UEAwwNb3VyLWNhLXNlcnZlcjAeFw0xODAxMTkxOTA5MDZaFw0yODAxMTcx
+OTA5MDZaME0xCzAJBgNVBAYTAlhZMSYwJAYDVQQKDB1QeXRob24gU29mdHdhcmUg
Rm91bmRhdGlvbiBDQTEWMBQGA1UEAwwNb3VyLWNhLXNlcnZlcjCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAOfe6eMMnwC2of0rW5bSb8zgvoa5IF7sA3pV
-q+qk6flJhdJm1e3HeupWji2P50LiYiipn9Ybjuu1tJyfFKvf5pSLdh0+bSRh7Qy/
-AIphDN9cyDZzFgDNR7ptpKR0iIMjChn8Cac8SkvT5x0t5OpMVCHzJtuJNxjUArtA
-Ml+k/y0c99S77I7PXIKs5nwIbEiFYQd/JeBc4Lw0X+C5BEd1yEcLjbzWyGhfM4Ni
-0iBENbGtgRqKzbw1sFyLR9YY6ZwYl8wBPCnM6B7k5MG43ufCERiHWpM02KYl9xRx
-6+QhotIPLi7UYgA109bvXGBLTKkU4t0VWEY3Mya35y5d7ULkxU0CAwEAAaNQME4w
-HQYDVR0OBBYEFLzdYtl22hvSVGvP4GabHh57VgwLMB8GA1UdIwQYMBaAFLzdYtl2
-2hvSVGvP4GabHh57VgwLMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEB
-AH0K9cuN0129mY74Kw+668LZpidPLnsvDmTYHDVQTu78kLmNbajFxgawr/Mtvzu4
-QgfdGH1tlVRXhRhgRy/reBv56Bf9Wg2HFyisTGrmvCn09FVwKULeheqrbCMGZDB1
-Ao5TvF4BMzfMHs24pP3K5F9lO4MchvFVAqA6j9uRt0AUtOeN0u5zuuPlNC28lG9O
-JAb3X4sOp45r3l519DKaULFEM5rQBeJ4gv/b2opj66nd0b+gYa3jnookXWIO50yR
-f+/fNDY7L131hLIvxG2TlhpvMCjx2hKaZLRAMx293itTqOq+1rxOlvVE+zIYrtUf
-9mmvtk57HVjsO6lTo15YyJ4=
+hvcNAQEBBQADggEPADCCAQoCggEBAMMYaWvJRymYjrFWwi76Dl68I4CzB2Ik0kJb
+8Uq/qcghdcjj5iwfhzxufBvtOTKVt0CyYEjDmhYI/m1niDQ7d3dwHHBa0R9fBCFU
+uQzjQYUdWO4v7fMO79gjofpz+0wo4OXmTQsCUkmGx75+veZWdotwjgqPBjMgHXtb
+qtDFG6ubzFQJPL/kQGbx+9b3Fp3EGdTD8v8HvG9aniUbAkql7EKWOnDSbJkrzr7o
+0gHv1bqwz5Q+gtAB1ktxgAMKEkWGeYHYS9LotbcsbJpMihAQ5OT1386EkcrRRuCE
+cxdm22lDeICDvhRN8T4a1mz13kXzOa+R1T1URL9BzHNoGvwk25ECAwEAAaNQME4w
+HQYDVR0OBBYEFJrPz27rcT3bPPGuiGtWcgPLCKdIMB8GA1UdIwQYMBaAFJrPz27r
+cT3bPPGuiGtWcgPLCKdIMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEB
+ABAlyNwMVVzLg25573fsDY4MBsFLDNb3dVIhuBdKOIids3jEQvu4fBQ4EPus2hEA
+W0KHXkWfbU5CpJoYBjkPRaaWiTLWWbPTjuOVtsSiS3QvZ8H7u/lybzdK5/RIM3Hf
+uPXmQT/V1S8mCfgOkv9w6varWPuQBNZDLo+x+waradDcqPhbB/LUZh9j+F3BnkFE
+u8nofeBG5KfIMl8xYuUcXIndt6JPng0TuF+xhFNMH84Z4QEAXr9BVZSppRPb8lnz
+1k65nZ25CtmyGG18sfeWqr32+ZUPSm48fEZb39R47Jrc4uMB5oh3OZOcuipj+SVL
+T6wIeTnGe98HNbrAwlC/WoE=
-----END CERTIFICATE-----
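Review bot: the regenerated CA certificate still carries "Signature Algorithm: sha1WithRSAEncryption" in both places it appears (the two unchanged context lines, in the certificate data and above the signature bytes), so this change does not touch the digest even though the stated motivation is downstream deprecation of weak crypto. If the test CA is being re-issued anyway, consider signing it with SHA-256, or say in the commit message that SHA-1 is kept deliberately for this fixture. Two smaller points: "Public-Key: (2048 bit)" is unchanged context here, so for this file the change is a re-key and re-issue rather than a size increase, which the message could state; and the new validity ends "Jan 17 19:09:06 2028 GMT", so a short note on how the fixture is regenerated would help whoever has to refresh it before tests start failing on expiry.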