From 95ebdfd1b4429fc35b867a3a11ea7e664f1f2f38 Mon Sep 17 00:00:00 2001
From: Simon Bein <simontheleg@gmail.com>
Date: Fri, 7 Nov 2025 11:19:12 +0100
Subject: [PATCH] change to P384 keys

This is mainly to be compatible with etcd-workbench which does not
support P521 keys (see
https://github.com/tzfun/etcd-workbench/issues/108#issuecomment-3023031468)

On-behalf-of: SAP <simon.bein@sap.com>
Signed-off-by: Simon Bein <simontheleg@gmail.com>
---
 config.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/config.go b/config.go
index 210d225..dab95f8 100644
--- a/config.go
+++ b/config.go
@@ -183,17 +183,17 @@ func generateClientAndServerCerts(hosts []string, dir string) error {
 		BasicConstraintsValid: true,
 	}
 
-	caKey, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
+	caKey, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
 	if err != nil {
 		return err
 	}
 
-	serverKey, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
+	serverKey, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
 	if err != nil {
 		return err
 	}
 
-	clientKey, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
+	clientKey, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
 	if err != nil {
 		return err
 	}