yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-09 05:35:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use 2048-bit DHE parameters from RFC 3526 instead of 5114 by default

Browse source 
The parameters from RFC 5114 are not considered trustworthy, while those from
RFC 3526 have been generated in a nothing-up-my-sleeve manner.
This commit is contained in:
Hanno Becker 2017-10-13 16:51:54 +01:00
parent 41a38dfed6
commit 80e0d46062
2 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
library/ssl_tls.c
View file

@ -7268,8 +7268,8 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
if( endpoint == MBEDTLS_SSL_IS_SERVER ) if( endpoint == MBEDTLS_SSL_IS_SERVER )
{ {
if( ( ret = mbedtls_ssl_conf_dh_param( conf, if( ( ret = mbedtls_ssl_conf_dh_param( conf,
MBEDTLS_DHM_RFC5114_MODP_2048_P, MBEDTLS_DHM_RFC3526_MODP_2048_P,
MBEDTLS_DHM_RFC5114_MODP_2048_G ) ) != 0 ) MBEDTLS_DHM_RFC3526_MODP_2048_G ) ) != 0 )
{ {
return( ret ); return( ret );
} }

2
tests/ssl-opt.sh
View file

@ -2702,7 +2702,7 @@ run_test "DHM parameters: reference" \
debug_level=3" \ debug_level=3" \
0 \ 0 \
-c "value of 'DHM: P ' (2048 bits)" \ -c "value of 'DHM: P ' (2048 bits)" \
-c "value of 'DHM: G ' (2048 bits)" -c "value of 'DHM: G ' (2 bits)"
run_test "DHM parameters: other parameters" \ run_test "DHM parameters: other parameters" \
"$P_SRV dhm_file=data_files/dhparams.pem" \ "$P_SRV dhm_file=data_files/dhparams.pem" \