Skip to content

Update a single text description "PRIVATE KEY"#2884

Open
DoctorD90 wants to merge 1 commit into
pi-hole:developmentfrom
DoctorD90:development
Open

Update a single text description "PRIVATE KEY"#2884
DoctorD90 wants to merge 1 commit into
pi-hole:developmentfrom
DoctorD90:development

Conversation

@DoctorD90
Copy link
Copy Markdown

@DoctorD90 DoctorD90 commented May 8, 2026

What does this PR aim to accomplish?:

Extend the meaning of “PRIVATE KEY” in the webserver.tls.cert description to include RSA and ECC keys.

How does this PR accomplish the above?:

The term “RSA PRIVATE KEY” has been replaced with the more general “PRIVATE KEY,” as ECC keys are also accepted.
I also followed the instruction received in #2883

Link documentation PRs if any are needed to support this PR:

Please note that keys based on “Curve25519” and “Curve 448” (Ed25519/Ed448) for SSL/TLS server certificates are not yet supported by browsers, so they would cause an error during navigation if used.

According to the Baseline Requirements for TLS Server Certificates, specifically section 6.1.5, currently only RSA keys greater than 2048 bits and ECDSA keys (NIST P-256, NIST P-384, or NIST P-521) are accepted.

This is merely a note for future reference.

By submitting this pull request, I confirm the following:

  1. I have read and understood the contributors guide, as well as this entire template. I understand which branch to base my commits and Pull Requests against.
  2. I have commented my proposed changes within the code and I have tested my changes.
  3. I am willing to help maintain this change if there are issues with it later.
  4. It is compatible with the EUPL 1.2 license
  5. I have squashed any insignificant commits. (git rebase)
  6. I have checked that another pull request for this purpose does not exist.
  7. I have considered, and confirmed that this submission will be valuable to others.
  8. I accept that this submission may not be used, and the pull request closed at the will of the maintainer.
  9. I give this submission freely, and claim no ownership to its content.
  • I have read the above and my PR is ready for review.

@DoctorD90
Update a single text description "PRIVATE KEY"
145aba4 
The term "RSA PRIVATE KEY" has been replaced with the more general "PRIVATE KEY" as ECC keys are also accepted.

Please note that keys based on "Curve25519" and "Curve 448" (Ed25519/Ed448) for SSL/TLS server certificates are not yet supported by browsers, so they would cause an error during navigation if used.

According to the [Baseline Requirements for TLS Server Certificates](https://cabforum.org/working-groups/server/baseline-requirements/documents/), specifically section 6.1.5, currently only RSA keys greater than 2048 bits and ECDSA keys (NIST P-256, NIST P-384, or NIST P-521) are accepted.

Signed-off-by: DoctorD90 <DoctorD90@users.noreply.github.com>
@DoctorD90 DoctorD90 requested a review from a team as a code owner May 8, 2026 10:17
@DoctorD90
Copy link
Copy Markdown
Author

DoctorD90 commented May 8, 2026

@yubiuser I hope everything goes smoothly this time... Thanks for your guidance!

@yubiuser yubiuser requested a review from DL6ER May 8, 2026 11:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@DL6ER DL6ER Awaiting requested review from DL6ER

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@DoctorD90