Skip to content

Fix GH-20175: use 2048-bit default key size in OpenSSL test config#21212

Open
ThanhNguyxn wants to merge 1 commit intophp:PHP-8.3from
ThanhNguyxn:fix/gh-20175-openssl-test-default-bits
Open

Fix GH-20175: use 2048-bit default key size in OpenSSL test config#21212
ThanhNguyxn wants to merge 1 commit intophp:PHP-8.3from
ThanhNguyxn:fix/gh-20175-openssl-test-default-bits

Conversation

@ThanhNguyxn
Copy link

@ThanhNguyxn ThanhNguyxn commented Feb 13, 2026

Summary

OpenSSL 3.2+ defaults to security level 2, which rejects 1024-bit keys. ext/openssl/tests/CertificateGenerator.inc still generated a per-test config with default_bits = 1024, causing failures in tests like gh10495.phpt when default openssl.cnf is not provided.

This updates the generated test config to use default_bits = 2048.

Changes

  • ext/openssl/tests/CertificateGenerator.inc
    • default_bits = 1024 -> default_bits = 2048

Related

@ThanhNguyxn
Fix phpGH-20175: update OpenSSL test default_bits to 2048
f852a33 
OpenSSL 3.2+ defaults to security level 2, which rejects 1024-bit keys.
Update the test helper config to use 2048-bit default key size so
ext/openssl tests relying on generated config remain compatible.
@ThanhNguyxn ThanhNguyxn requested a review from bukka as a code owner February 13, 2026 07:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bukka bukka Awaiting requested review from bukka bukka is a code owner

Assignees

No one assigned

Labels

Extension: openssl

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ThanhNguyxn