Vendor swarmkit to change root key to P-256

Signed-off-by: Tibor Vass <tibor@docker.com>
2016-08-16 15:44:54 -07:00 · 2016-08-16 15:44:54 -07:00 · a544fe4b38
parent 09dc9a2a9e
commit a544fe4b38
2 changed files with 6 additions and 5 deletions
--- a/hack/vendor.sh
+++ b/hack/vendor.sh
@ -139,7 +139,7 @@ clone git github.com/docker/docker-credential-helpers v0.3.0
 clone git github.com/docker/containerd 0ac3cd1be170d180b2baed755e8f0da547ceb267

 # cluster
-clone git github.com/docker/swarmkit 3708fb309aacfff321759bcdcc99b0f57806d27f
+clone git github.com/docker/swarmkit bfbec9f2b6a487100a80027f6ee16cc0c646a8f5
 clone git github.com/golang/mock bd3c8e81be01eef76d4b503f5e687d2d1354d2d9
 clone git github.com/gogo/protobuf 43a2e0b1c32252bfbbdf81f7faa7a88fb3fa4028
 clone git github.com/cloudflare/cfssl b895b0549c0ff676f92cf09ba971ae02bb41367b
--- a/vendor/src/github.com/docker/swarmkit/ca/certificates.go
+++ b/vendor/src/github.com/docker/swarmkit/ca/certificates.go
@ -37,13 +37,14 @@ import (
 const (
 	// Security Strength Equivalence
 	//-----------------------------------
-	//| Key-type |  ECC  |  DH/DSA/RSA  |
-	//|   Node   |  256  |     3072     |
-	//|   Root   |  384  |     7680     |
+	//| ECC  |  DH/DSA/RSA  |
+	//| 256  |     3072     |
+	//| 384  |     7680     |
 	//-----------------------------------

 	// RootKeySize is the default size of the root CA key
-	RootKeySize = 384
+	// It would be ideal for the root key to use P-384, but in P-384 is not optimized in go yet :(
+	RootKeySize = 256
 	// RootKeyAlgo defines the default algorithm for the root CA Key
 	RootKeyAlgo = "ecdsa"
 	// PassphraseENVVar defines the environment variable to look for the