[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Thu Sep 3 01:48:02 UTC 2015
The branch, master has been updated
via 22a37c4 tls: increase Diffie-Hellman group size to 2048 bits
via b49b1bd doc: fix description of tls dh params file parameter
from 2d0e301 s4:torture:vfs_fruit: created empty resourceforks
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 22a37c453d83c39634fbae72de592024d9b8ba4a
Author: Björn Jacke <bj at sernet.de>
Date: Wed Sep 2 12:37:12 2015 +0200
tls: increase Diffie-Hellman group size to 2048 bits
1024 bits is already the minimum accepted size of current TLS libraries. 2048
is recommended for servers, see https://weakdh.org/
Signed-off-by: Bjoern Jacke <bj at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Sep 3 03:47:48 CEST 2015 on sn-devel-104
commit b49b1bd8dcc9a74440a2845f609024ee8bf173bf
Author: Björn Jacke <bj at sernet.de>
Date: Wed Sep 2 12:37:11 2015 +0200
doc: fix description of tls dh params file parameter
Signed-off-by: Bjoern Jacke <bj at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
docs-xml/smbdotconf/security/tlsdhparamsfile.xml | 2 +-
source4/lib/tls/tls.c | 2 +-
source4/lib/tls/tls_tstream.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/smbdotconf/security/tlsdhparamsfile.xml b/docs-xml/smbdotconf/security/tlsdhparamsfile.xml
index 7d454f3..4a5361c 100644
--- a/docs-xml/smbdotconf/security/tlsdhparamsfile.xml
+++ b/docs-xml/smbdotconf/security/tlsdhparamsfile.xml
@@ -6,7 +6,7 @@
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>This option can be set to a file with Diffie-Hellman parameters
- which will be used with EDH ciphers.
+ which will be used with DH ciphers.
</para>
<para>This path is relative to <smbconfoption name="private dir"/> if the path
does not start with a /.</para>
diff --git a/source4/lib/tls/tls.c b/source4/lib/tls/tls.c
index 0d9d3c9..ad8bbd4 100644
--- a/source4/lib/tls/tls.c
+++ b/source4/lib/tls/tls.c
@@ -31,7 +31,7 @@
#if ENABLE_GNUTLS
#include <gnutls/gnutls.h>
-#define DH_BITS 1024
+#define DH_BITS 2048
#if defined(HAVE_GNUTLS_DATUM) && !defined(HAVE_GNUTLS_DATUM_T)
typedef gnutls_datum gnutls_datum_t;
diff --git a/source4/lib/tls/tls_tstream.c b/source4/lib/tls/tls_tstream.c
index 188a3b8..5c3e9f1 100644
--- a/source4/lib/tls/tls_tstream.c
+++ b/source4/lib/tls/tls_tstream.c
@@ -28,7 +28,7 @@
#if ENABLE_GNUTLS
#include <gnutls/gnutls.h>
-#define DH_BITS 1024
+#define DH_BITS 2048
#if defined(HAVE_GNUTLS_DATUM) && !defined(HAVE_GNUTLS_DATUM_T)
typedef gnutls_datum gnutls_datum_t;
--
Samba Shared Repository
More information about the samba-cvs
mailing list