From 056d2d9088341344e8aacb90692c756c5f484f8e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?H=C3=A9ctor=20Molinero=20Fern=C3=A1ndez?=
Date: Tue, 1 Jun 2021 21:40:09 +0200
Subject: [PATCH] Switch to 256-bit ECDSA RDP key
---
 scripts/bin/container-init | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/scripts/bin/container-init b/scripts/bin/container-init
index 7099cb5..d94e2d8 100755
--- a/scripts/bin/container-init
+++ b/scripts/bin/container-init
@@ -95,11 +95,11 @@ if [ ! -f "${XRDP_TLS_KEY_PATH:?}" ] || [ ! -f "${XRDP_TLS_CRT_PATH:?}" ]; then
 FQDN=$(hostname --fqdn)
 (umask 077 \
- && openssl genrsa -out "${XRDP_TLS_KEY_PATH:?}" 2048 \
+ && openssl ecparam -genkey -name prime256v1 > "${XRDP_TLS_KEY_PATH:?}" \
 ) >/dev/null
 (umask 022 \
- && openssl req -x509 -subj "/CN=${FQDN:?}" -addext "subjectAltName=DNS:${FQDN:?}" -days 3650 -key "${XRDP_TLS_KEY_PATH:?}" > "${XRDP_TLS_CRT_PATH:?}" \
+ && openssl req -x509 -sha256 -days 3650 -subj "/CN=${FQDN:?}" -addext "subjectAltName=DNS:${FQDN:?}" -key "${XRDP_TLS_KEY_PATH:?}" > "${XRDP_TLS_CRT_PATH:?}" \
 ) >/dev/null
 fi
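Review bot: The new key-generation line runs `openssl ecparam -genkey -name prime256v1` without `-noout`, so the key file begins with an `EC PARAMETERS` PEM block ahead of the `EC PRIVATE KEY` block. OpenSSL-based loaders normally skip the extra block, but stricter PEM parsers and tooling that expects a single block can reject the file; `openssl ecparam -genkey -noout -name prime256v1 > "${XRDP_TLS_KEY_PATH:?}"` writes only the key. Separately, the key is now written through a shell redirection, which creates the file before openssl runs, so a failed generation leaves an empty key file behind. If the script is re-run without cleaning up, the `[ ! -f ... ]` guard shown on the hunk header would then treat that empty file as a valid key; testing with `-s`, or writing to a temporary file and renaming it on success, would avoid this. The enclosing `if` begins on the hunk header line and is only partly visible here.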