From 25ecd3cc86ff1638a6633bbbec8c910e59d1d79b Mon Sep 17 00:00:00 2001
From: Aaron Jones
Date: Fri, 16 Sep 2016 13:38:12 +0000
Subject: [PATCH] GNUTLS: Raise minimum group size for Diffie-Hellman-Merkle key exchange

A 2048-bit long P should really be the minimum these days.
---
 libratbox/src/gnutls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libratbox/src/gnutls.c b/libratbox/src/gnutls.c
index a2416f9f..c9250df7 100644
--- a/libratbox/src/gnutls.c
+++ b/libratbox/src/gnutls.c
@@ -157,7 +157,7 @@ rb_ssl_init_fd(rb_fde_t *const F, const rb_fd_tls_direction dir)
 gnutls_init((gnutls_session_t *) F->ssl, init_flags);
 gnutls_set_default_priority(SSL_P(F));
 gnutls_credentials_set(SSL_P(F), GNUTLS_CRD_CERTIFICATE, server_cert_key);
- gnutls_dh_set_prime_bits(SSL_P(F), 1024);
+ gnutls_dh_set_prime_bits(SSL_P(F), 2048);
 gnutls_priority_set(SSL_P(F), default_priority);
 gnutls_transport_set_ptr(SSL_P(F), (gnutls_transport_ptr_t) F);
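Review bot: The raised minimum is set before `gnutls_priority_set(SSL_P(F), default_priority)` on the next line, and the GnuTLS documentation for `gnutls_dh_set_prime_bits` says it must be called after the priority is set or the value may be overridden by the priority string's level, so the 2048-bit floor may not take effect as written. Swapping the two calls, i.e. `gnutls_priority_set(SSL_P(F), default_priority);` followed by `gnutls_dh_set_prime_bits(SSL_P(F), 2048);`, avoids that. The same documentation states the function has no effect on the server side (it sets the minimum prime size a client will accept), so for sessions where `dir` is the accepting direction the group size presumably comes from the DH parameters attached to `server_cert_key`; those are not visible in this hunk and are worth checking against the same 2048-bit minimum. The body of rb_ssl_init_fd starts and ends outside the hunk.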