Change default Diffie-Hellman parameters from RFC 5114 to RFC 7919

The origin of the primes in RFC 5114 is undocumented and their use therefore constitutes a security risk.
2025-07-29 11:41:15 +03:00 · 2017-09-27 11:49:49 +01:00
parent b2bad800e4
commit 8c8b0ab877
1 changed files with 2 additions and 2 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -7538,8 +7538,8 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
            if( endpoint == MBEDTLS_SSL_IS_SERVER )
            {
                if( ( ret = mbedtls_ssl_conf_dh_param( conf,
-                                MBEDTLS_DHM_RFC5114_MODP_2048_P,
-                                MBEDTLS_DHM_RFC5114_MODP_2048_G ) ) != 0 )
+                               mbedtls_dhm_rfc7919_ffdhe2048_p,
+                               mbedtls_dhm_rfc7919_ffdhe2048_g ) ) != 0 )
                {
                    return( ret );
                }