uhttpd: use P-256 for certs

The uhttpd package takes care of creating self-signed certificates if
px5g is installed. This improves the security of router management as it
encrypts the LuCI connection.

The EC P-256 curve is faster than RSA which which improves the user
experience on embedded devices. EC P-256 is support for as old devices
as Android 4.4.

Signed-off-by: Paul Spooren <mail@aparcar.org>

diff --git a/package/network/services/uhttpd/files/uhttpd.config b/package/network/services/uhttpd/files/uhttpd.config
index f368d08e8bc703c7ec43fbabdd7cb0bfdfc6c395..aeded08afc952a986d3c2e8a27ae2bca06f7d5c3 100644 (file)
--- a/package/network/services/uhttpd/files/uhttpd.config
+++ b/package/network/services/uhttpd/files/uhttpd.config
@@ -119,13 +119,13 @@ config cert defaults
        option days             730
 
        # key type: rsa or ec
-       option key_type         rsa
+       option key_type         ec
 
        # RSA key size
        option bits             2048
 
        # EC curve name
-       # Curve names vary between mbedtls/px5g and openssl
+       # Curve names vary between px5g-{wolfssl,mbedtls} and openssl
        # P-256 or P-384 are guaranteed to work
        option ec_curve         P-256