On Wed, Jun 15, 2022 at 01:56:59AM +0530, P V Anthony wrote:
> On 15/6/2022 1:45 am, Viktor Dukhovni wrote:
>
> > Two comments on your server setup:
> >
> > * The server certificate is 4096 bit RSA. This is needlessly turgid.
> > The issuing CA is 2048 bits, there is little to gain from a
> > stronger EE key. Some peer libraries may not support keys of this
> > size.
>
> I use Let's Encrypt. Need to figure out how to change to 2048 bits.
> Google search time.
For this, in the renewal configuration file:
rsa_key_size = 2048
or on the command-line:
--rsa-key-size=2048
--
Viktor.
