How prophetic! We now require 768 and will do another bump to 1024 in the near
future, so I'm resolving this ticket.
Cheers,
Emilia
___
On Thu, Nov 07, 2013, Salz, Rich wrote:
> I think a better way to do this would be to have a config param that set the
> minimum acceptable size. I.e., a #define
>
I think the best option is to have a compile time default with a runtime
override for this and other related issues. The idea being
Behalf Of Daniel Kahn Gillmor via RT
Sent: Thursday, November 07, 2013 6:55 AM
Cc: openssl-dev@openssl.org
Subject: [openssl.org #3164] [PATCH] require DH group of 1024 bits
Reject connections to TLS servers that select DH key exchange but offer a weak
DH group.
---
ssl/s3_clnt.c | 6 ++
ssl
Reject connections to TLS servers that select DH key exchange but
offer a weak DH group.
---
ssl/s3_clnt.c | 6 ++
ssl/ssl.h | 1 +
ssl/ssl_err.c | 1 +
3 files changed, 8 insertions(+)
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index bf1ef47..ef638c4 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/