Px5g to be improved

px5g generates 512 bit keys, hardcoded, unfortunately. Which is outdated, should be 2048 nowadays. To avoid complaints of certain SSL-modules about "... key too short."

Make a PR:
mbedtls:

wolfssl is 2048 already

In practice uhttpd script adds 2048 by parameter for default key, so there is no operational constraint.
Check https://cabforum.org/working-groups/server/baseline-requirements/requirements/ also, might be some other deficiencies in defaults.

1 Like

px5g-mbedtls.c has to be edited in 2 locations, not just one. And because it is also used as px5g-standalone on my 23.05.4, the update of px5g-wolff is not sufficient.

Only use adds proper parameter:

Thank you for this hint. But that does not solve the issue, only my direct edit of px5g-mbedtls.c and re-build. It is an annoyance, when px5g-wolff and px5g-mbedtls have different functionality.

You add parameters to your calling script or submit a PR via github, there is no way present px5g suddenly blinks a byte and changes behaviour without recompilong.