From 96b8799325fa0f53fad4db529cbd2d25af42ebff Mon Sep 17 00:00:00 2001
From: Robie Basak <robie@justgohome.co.uk>
Date: Sat, 13 Apr 2019 17:02:53 +0100
Subject: [PATCH] Increase key size to 2048 bits

Debian has set the default OpenSSL security level to 2 since openssl package
version 1.1.1~~pre9-1 (August 2018); that level requires RSA and DHE keys of
at least 2048 bits. To avoid test failures on newer Debian systems against
OpenSSL, use a key size of at least 2048 bits.

Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926652
Forwarded: https://github.com/python-trio/trustme/pull/45
Last-Update: 2019-04-13
---
 trustme/__init__.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

--- a/trustme/__init__.py
+++ b/trustme/__init__.py
@@ -33,7 +33,12 @@
 # On my laptop, making a CA + server certificate using 1024 bit keys takes ~40
 # ms, and using 4096 bit keys takes ~2 seconds. We want tests to run in 40 ms,
 # not 2 seconds.
-_KEY_SIZE = 1024
+#
+# However, Debian changed the default security level to 2 in openssl
+# 1.1.1~~pre9-1 (August 2018), which requires a minimum key size of 2048 bit or
+# larger for RSA and DHE keys. To avoid test failures on newer Debian systems
+# against OpenSSL, we must therefore use a key size of at least 2048 bits.
+_KEY_SIZE = 2048
 
 def _name(name):
     return x509.Name([
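Review bot: The comment block above `_KEY_SIZE = 2048` is now internally inconsistent: the retained lines still state that tests should run in 40 ms, a figure measured for 1024-bit keys, and no timing is given for the 2048-bit size actually chosen. The added text also ties the rationale to one Debian package version, although the constraint it describes is the OpenSSL security level, which presumably applies to any peer configured at level 2 or above, not only on Debian. I would reword the addition along the lines of `# OpenSSL security level 2 (Debian's default since openssl 1.1.1~~pre9-1) rejects RSA/DHE keys below 2048 bits, so 2048 is the floor; do not lower it for speed.` and update the timing sentence to say that 2048 is the accepted compromise. The body of `_name` continues outside the hunk.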
