Unleashed: 220.127.116.11.179 (April 2023)
In Admin & Services --> Administration --> Certificate --> Advanced Options, we see options for the Unleashed web server. Although this is "just" Unleashed which is usually an internal web server in SMB and home environments, I still think it's important to follow industry best practices. I believe that 1024-bit RSA has been deprecated many years ago; I've seen various articles that talked about retiring it in 2009, 2013, 2015, etc.
I propose completely removing 1024-bit and making 2048-bit private keys the new minimum default. But also adding a new option for 4096-bit. It doesn't really hurt anything, in my experience.
There's also a few grammatical errors in the English version of Unleashed (sorry!) that would look better if fixed.
In case my screenshot is too small:
"Re-generate a new private key of a specific key length.
This function is only needed when your certificate vendor only accepts 2048 key length instead of 1024 key length. Warning: The Unleashed will be rebooted after re-generating a new private key."
* get rid of "The" Unleashed in the last sentence. Also the middle sentence will no longer be necessary with the new 2048-bit default so maybe delete it.
"Import a trusted CA to Unleashed. When Unleashed
received receives a server's certificate, Unleashed it will match the server's CA against the Unleashed's list of trusted CAs. If there is no t match, Unleashed will send an error."
should be "Import a trusted CA to Unleashed. When Unleashed receives a server's certificate, it will match the server's CA against Unleashed's list of trusted CAs. If there is no match, Unleashed will send an error.
Thank you for your consideration. I appreciate the hard work of the internal team in making Unleashed a great product for SMB and advanced home users. I hope it sticks around for many, many more generations of AP and ICX products.