upstream commit

increase the minimum modulus that we will send or accept in diffie-hellman-group-exchange to 2048 bits; ok markus@ Upstream-ID: 06dce7a24c17b999a0f5fadfe95de1ed6a1a9b6a
author: djm@openbsd.org <djm@openbsd.org> 2015-10-16 22:32:22 +0000
committer: Damien Miller <djm@mindrot.org> 2015-10-17 09:32:47 +1100
commit: b56deb847f4a0115a8bf488bf6ee8524658162fd (patch)
tree: 67ffc1513a0ad44627aa42d2b72356e61e494457 /dh.h
parent: 5ee0063f024bf5b3f3ffb275b8cd20055d62b4b9 (diff)
1 files changed, 6 insertions, 3 deletions
diff --git a/dh.h b/dh.h
index 654695315..e191cfd8a 100644
--- a/dh.h
+++ b/dh.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.h,v 1.13 2015/05/27 23:39:18 dtucker Exp $ */
+/* $OpenBSD: dh.h,v 1.14 2015/10/16 22:32:22 djm Exp $ */
 /*
 * Copyright (c) 2000 Niels Provos.  All rights reserved.
@@ -44,8 +44,11 @@ int	 dh_pub_is_valid(DH *, BIGNUM *);
 u_int    dh_estimate(int);
-/* Min and max values from RFC4419. */
+/*
-#define DH_GRP_MIN      1024
+ * Max value from RFC4419.
+ * Miniumum increased in light of DH precomputation attacks.
+ */
+#define DH_GRP_MIN      2048
 #define DH_GRP_MAX      8192
 /*
author	djm@openbsd.org <djm@openbsd.org>	2015-10-16 22:32:22 +0000
committer	Damien Miller <djm@mindrot.org>	2015-10-17 09:32:47 +1100
commit	b56deb847f4a0115a8bf488bf6ee8524658162fd (patch)
tree	67ffc1513a0ad44627aa42d2b72356e61e494457 /dh.h
parent	5ee0063f024bf5b3f3ffb275b8cd20055d62b4b9 (diff)