From f8ba4ad7aaf408dc885025502e66e37892d03454 Mon Sep 17 00:00:00 2001
From: Nathan Cutler <ncutler@suse.com>
Date: Tue, 25 Jun 2024 13:38:37 +0200
Subject: [PATCH] obs_ag_installation_and_configuration: re-massage crypto
 advice

Signed-off-by: Nathan Cutler <ncutler@suse.com>
---
 xml/obs_ag_installation_and_configuration.xml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/xml/obs_ag_installation_and_configuration.xml b/xml/obs_ag_installation_and_configuration.xml
index 6cf28156..71759c0b 100644
--- a/xml/obs_ag_installation_and_configuration.xml
+++ b/xml/obs_ag_installation_and_configuration.xml
@@ -499,8 +499,10 @@ openssl x509 -req -days 365 -in /srv/obs/certs/server.csr \
         -signkey /srv/obs/certs/server.key -out /srv/obs/certs/server.crt
 cat /srv/obs/certs/server.key /srv/obs/certs/server.crt \
       &gt; /srv/obs/certs/server.pem</screen>
-    <para>If 4096 bits is too small for the RSA key, or if you're wondering why
-     that number of bits, etc., read the output of</para>
+    <para>At the time of this writing (2024), we consider the 4K RSA key
+     to be a safe implementation, but you might want to check out the
+     current standards by consulting (on both client and server side)
+     the output of</para>
     <screen><command>man crypto-policies</command></screen>
     <para>and</para>
     <screen><command>man update-crypto-policies</command></screen>