yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-03-23 06:35:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use 2048-bit DHE parameters from RFC 3526 instead of 5114 by default

Browse source 
The parameters from RFC 5114 are not considered trustworthy, while those from
RFC 3526 have been generated in a nothing-up-my-sleeve manner.
This commit is contained in:
Hanno Becker 2017-10-13 16:56:15 +01:00
parent a75a459143
commit 11f740aae4
2 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
library/ssl_tls.c
View file

@ -3702,9 +3702,9 @@ int ssl_init( ssl_context *ssl )
#if defined(POLARSSL_DHM_C)
if( ( ret = mpi_read_string( &ssl->dhm_P, 16,
POLARSSL_DHM_RFC5114_MODP_2048_P) ) != 0 ||
POLARSSL_DHM_RFC3526_MODP_2048_P) ) != 0 ||
( ret = mpi_read_string( &ssl->dhm_G, 16,
POLARSSL_DHM_RFC5114_MODP_2048_G) ) != 0 )
POLARSSL_DHM_RFC3526_MODP_2048_G) ) != 0 )
{
SSL_DEBUG_RET( 1, "mpi_read_string", ret );
return( ret );

2
tests/ssl-opt.sh
View file

@ -2269,7 +2269,7 @@ run_test "DHM parameters: reference" \
debug_level=3" \
0 \
-c "value of 'DHM: P ' (2048 bits)" \
-c "value of 'DHM: G ' (2048 bits)"
-c "value of 'DHM: G ' (2 bits)"
run_test "DHM parameters: other parameters" \
"$P_SRV dhm_file=data_files/dhparams.pem" \