[PATCH 2/2] tls: increase Diffie-Hellman group size to 2048 bits
Björn Jacke
bj at sernet.de
Wed Sep 2 10:37:12 UTC 2015
1024 bits is already the minimum size accepted by current TLS libraries. 2048
bits is recommended for servers, see https://weakdh.org/
Signed-off-by: Bjoern Jacke <bj at sernet.de>
---
source4/lib/tls/tls.c | 2 +-
source4/lib/tls/tls_tstream.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/source4/lib/tls/tls.c b/source4/lib/tls/tls.c
index 0d9d3c9..ad8bbd4 100644
--- a/source4/lib/tls/tls.c
+++ b/source4/lib/tls/tls.c
@@ -31,7 +31,7 @@
#if ENABLE_GNUTLS
#include <gnutls/gnutls.h>
-#define DH_BITS 1024
+#define DH_BITS 2048
#if defined(HAVE_GNUTLS_DATUM) && !defined(HAVE_GNUTLS_DATUM_T)
typedef gnutls_datum gnutls_datum_t;
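Review bot: `DH_BITS` is defined independently in tls.c here and again in tls_tstream.c (second hunk), so the two TLS code paths can end up with different group sizes the next time one of them is touched; a single definition in a header that both files include would keep them in step. The define also carries no rationale, and a short comment such as `/* DH group size in bits: 1024 is the floor current TLS libraries accept, 2048 is recommended for servers (https://weakdh.org/) */` would stop a later edit from lowering it unknowingly. The uses of `DH_BITS` lie outside both hunks; if the value feeds Diffie-Hellman parameter generation at startup rather than loading a pre-generated file, the larger size will make that step noticeably slower, which is worth confirming before merge.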
diff --git a/source4/lib/tls/tls_tstream.c b/source4/lib/tls/tls_tstream.c
index 188a3b8..5c3e9f1 100644
--- a/source4/lib/tls/tls_tstream.c
+++ b/source4/lib/tls/tls_tstream.c
@@ -28,7 +28,7 @@
#if ENABLE_GNUTLS
#include <gnutls/gnutls.h>
-#define DH_BITS 1024
+#define DH_BITS 2048
#if defined(HAVE_GNUTLS_DATUM) && !defined(HAVE_GNUTLS_DATUM_T)
typedef gnutls_datum gnutls_datum_t;
--
2.4.2