lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Change default Diffie-Hellman parameters from RFC 5114 to RFC 7919

Browse Source 
The origin of the primes in RFC 5114 is undocumented and their use therefore
constitutes a security risk.
This commit is contained in:
Hanno Becker
2017-09-27 11:49:49 +01:00
parent b2bad800e4
commit 8c8b0ab877
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
library/ssl_tls.c
View File

@ -7538,8 +7538,8 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
if( endpoint == MBEDTLS_SSL_IS_SERVER ) if( endpoint == MBEDTLS_SSL_IS_SERVER )
{ {
if( ( ret = mbedtls_ssl_conf_dh_param( conf, if( ( ret = mbedtls_ssl_conf_dh_param( conf,
MBEDTLS_DHM_RFC5114_MODP_2048_P, mbedtls_dhm_rfc7919_ffdhe2048_p,
MBEDTLS_DHM_RFC5114_MODP_2048_G ) ) != 0 ) mbedtls_dhm_rfc7919_ffdhe2048_g ) ) != 0 )
{ {
return( ret ); return( ret );
} }