From d8d1c4c87cfecd4389111efbfacae1daa1b5d7fb Mon Sep 17 00:00:00 2001
From: Eric Mill <eric@konklone.com>
Date: Fri, 7 Nov 2014 10:05:00 -0500
Subject: [PATCH] doc: update openssl commands to use best practices

This updates key size to 2048 and default hash function to sha256.

Reviewed-by: Fedor Indutny <fedor@indutny.com>
PR-URL: https://github.com/joyent/node/pull/8690

Cherry-picked-from: https://github.com/joyent/node/commit/88bd95cfef5973de0027b8eb5210e5e97252c7e2
---
 doc/api/tls.markdown | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/api/tls.markdown b/doc/api/tls.markdown
index d63a6eb..7fcafb9 100644
--- a/doc/api/tls.markdown
+++ b/doc/api/tls.markdown
@@ -10,14 +10,14 @@ Secure Socket Layer: encrypted stream communication.
 TLS/SSL is a public/private key infrastructure. Each client and each
 server must have a private key. A private key is created like this:
 
-    openssl genrsa -out ryans-key.pem 1024
+    openssl genrsa -out ryans-key.pem 2048
 
 All servers and some clients need to have a certificate. Certificates are public
 keys signed by a Certificate Authority or self-signed. The first step to
 getting a certificate is to create a "Certificate Signing Request" (CSR)
 file. This is done with:
 
-    openssl req -new -key ryans-key.pem -out ryans-csr.pem
+    openssl req -new -sha256 -key ryans-key.pem -out ryans-csr.pem
 
 To create a self-signed certificate with the CSR, do this:
 
-- 
2.7.4