bpo-34542: Update test certs and keys (GH-8997)

Update all test certs and keys to use future proof crypto settings:

* 3072 bit RSA keys
* SHA-256 signature

Signed-off-by: Christian Heimes <christian@python.org>

1 files changed, 3 insertions, 3 deletions

diff --git a/Lib/test/make_ssl_certs.py b/Lib/test/make_ssl_certs.py
index b908c40..3622765 100644
--- a/Lib/test/make_ssl_certs.py
+++ b/Lib/test/make_ssl_certs.py
@@ -69,7 +69,7 @@ req_template = """
     dir = cadir
     database  = $dir/index.txt
     crlnumber = $dir/crl.txt
-    default_md = sha1
+    default_md = sha256
     default_days = 3600
     default_crl_days = 3600
     certificate = pycacert.pem
@@ -108,7 +108,7 @@ here = os.path.abspath(os.path.dirname(__file__))
 
 
 def make_cert_key(hostname, sign=False, extra_san='',
-                  ext='req_x509_extensions_full', key='rsa:2048'):
+                  ext='req_x509_extensions_full', key='rsa:3072'):
     print("creating cert for " + hostname)
     tempnames = []
     for i in range(3):
@@ -174,7 +174,7 @@ def make_ca():
         t.flush()
         with tempfile.NamedTemporaryFile() as f:
             args = ['req', '-new', '-days', '3650', '-extensions', 'v3_ca', '-nodes',
-                    '-newkey', 'rsa:2048', '-keyout', 'pycakey.pem',
+                    '-newkey', 'rsa:3072', '-keyout', 'pycakey.pem',
                     '-out', f.name,
                     '-subj', '/C=XY/L=Castle Anthrax/O=Python Software Foundation CA/CN=our-ca-server']
             check_call(['openssl'] + args)