From: Paul Spooren
Date: Mon, 31 Aug 2020 21:39:39 +0000 (-1000)
Subject: uhttpd: use P-256 for certs
X-Git-Tag: v21.02.0-rc1~1166
X-Git-Url: http://git.openwrt.org/?a=commitdiff_plain;h=753309c7ddbe2efc7adf288af7f5b170f4f29674;p=openwrt%2Fopenwrt.git
uhttpd: use P-256 for certs
The uhttpd package takes care of creating self-signed certificates if px5g is installed. This improves the security of router management as it encrypts the LuCI connection. The EC P-256 curve is faster than RSA which which improves the user experience on embedded devices. EC P-256 is support for as old devices as Android 4.4.
Signed-off-by: Paul Spooren
---
diff --git a/package/network/services/uhttpd/files/uhttpd.config b/package/network/services/uhttpd/files/uhttpd.config
index f368d08e8b..aeded08afc 100644
--- a/package/network/services/uhttpd/files/uhttpd.config
+++ b/package/network/services/uhttpd/files/uhttpd.config
@@ -119,13 +119,13 @@ config cert defaults
 option days 730
 # key type: rsa or ec
- option key_type rsa
+ option key_type ec
 # RSA key size
 option bits 2048
 # EC curve name
- # Curve names vary between mbedtls/px5g and openssl
+ # Curve names vary between px5g-{wolfssl,mbedtls} and openssl
 # P-256 or P-384 are guaranteed to work
 option ec_curve P-256
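Review bot: With `option key_type ec` as the default, the `option bits 2048` line further down the hunk presumably no longer influences the generated key, yet its comment still reads as if the setting were live. I would change that comment to `# RSA key size (only used when key_type is rsa)` and the next one to `# EC curve name (only used when key_type is ec)`, so an admin who raises `bits` does not assume a stronger certificate. The hunk does not show the key-generation script, so it cannot be told from here whether an already-generated RSA key or a preserved config is replaced. Presumably only fresh installs get P-256, which is worth stating in the description. The `config cert defaults` section starts above the hunk.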