[openssh-commits] [openssh] 01/01: upstream commit
git+noreply at mindrot.org
git+noreply at mindrot.org
Sat Oct 17 09:32:58 AEDT 2015
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit b56deb847f4a0115a8bf488bf6ee8524658162fd
Author: djm at openbsd.org <djm at openbsd.org>
Date: Fri Oct 16 22:32:22 2015 +0000
upstream commit
increase the minimum modulus that we will send or accept in
diffie-hellman-group-exchange to 2048 bits; ok markus@
Upstream-ID: 06dce7a24c17b999a0f5fadfe95de1ed6a1a9b6a
---
dh.h | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/dh.h b/dh.h
index 6546953..e191cfd 100644
--- a/dh.h
+++ b/dh.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.h,v 1.13 2015/05/27 23:39:18 dtucker Exp $ */
+/* $OpenBSD: dh.h,v 1.14 2015/10/16 22:32:22 djm Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
@@ -44,8 +44,11 @@ int dh_pub_is_valid(DH *, BIGNUM *);
u_int dh_estimate(int);
-/* Min and max values from RFC4419. */
-#define DH_GRP_MIN 1024
+/*
+ * Max value from RFC4419.
+ * Miniumum increased in light of DH precomputation attacks.
+ */
+#define DH_GRP_MIN 2048
#define DH_GRP_MAX 8192
/*
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list