lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-30 22:43:08 +03:00
Code Activity

Don't claim ECDH parameters are nothing-up-my-sleeve numbers

Browse Source
This commit is contained in:
Hanno Becker
2017-10-12 13:45:10 +01:00
parent e3481ab533
commit f5dce36a24
1 changed files with 1 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
include/mbedtls/dhm.h
View File

@ -43,10 +43,7 @@
* primes systematically is not always an option. If possible, use * primes systematically is not always an option. If possible, use
* Elliptic Curve Diffie-Hellman (ECDH), which has better performance, * Elliptic Curve Diffie-Hellman (ECDH), which has better performance,
* and for which the TLS protocol mandates the use of standard * and for which the TLS protocol mandates the use of standard
* parameters that were generated in a nothing-up-my-sleeve manner. * parameters.
* We therefore consider DHE a security risk. If possible, it is
* recommended users should consider preferring other methods of
* key exchange.
* *
*/ */
#ifndef MBEDTLS_DHM_H #ifndef MBEDTLS_DHM_H