From 04943fad79d985558d5ebd5f946496c1be705eda Mon Sep 17 00:00:00 2001
From: sithlord48 <sithlord48@gmail.com>
Date: Sun, 15 Jun 2025 21:21:16 -0400
Subject: [PATCH] feat: Enforce a minimum TLS size of 2048bit

---
 src/lib/gui/MainWindow.cpp     | 7 +++++++
 src/lib/gui/tls/TlsUtility.cpp | 7 +++++++
 2 files changed, 14 insertions(+)

diff --git a/src/lib/gui/MainWindow.cpp b/src/lib/gui/MainWindow.cpp
index 733f68724..7dd7cce06 100644
--- a/src/lib/gui/MainWindow.cpp
+++ b/src/lib/gui/MainWindow.cpp
@@ -150,6 +150,13 @@ MainWindow::MainWindow()
 
   // Force generation of SHA256 for the localhost
   if (Settings::value(Settings::Security::TlsEnabled).toBool()) {
+    if (Settings::value(Settings::Security::KeySize).toInt() < 2048) {
+      QMessageBox::information(
+          this, kAppName,
+          tr("Your current TLS key is smaller than the minimum allowed size, A new key 2048-bit key will be generated.")
+      );
+      regenerateLocalFingerprints();
+    }
     if (!QFile::exists(Settings::tlsLocalDb())) {
       regenerateLocalFingerprints();
       return;
diff --git a/src/lib/gui/tls/TlsUtility.cpp b/src/lib/gui/tls/TlsUtility.cpp
index 57f8cf0a5..ea742c8cc 100644
--- a/src/lib/gui/tls/TlsUtility.cpp
+++ b/src/lib/gui/tls/TlsUtility.cpp
@@ -39,6 +39,13 @@ bool TlsUtility::generateCertificate()
   }
 
   auto length = Settings::value(Settings::Security::KeySize).toInt();
+
+  if (length < 2048) {
+    length = 2048;
+    qDebug("selected size too small setting certificate size to 2048");
+    Settings::setValue(Settings::Security::KeySize, 2048);
+  }
+
   const auto certificate = Settings::value(Settings::Security::Certificate).toString();
   return m_certificate.generateCertificate(certificate, length);
 }