From f5fc9404c231ed013e31c0284adcacfb0f71b86b Mon Sep 17 00:00:00 2001 From: Kurt Roeckx Date: Sun, 10 Jan 2016 13:55:08 +0100 Subject: [PATCH] Change minimum DH size from 768 to 1024 Reviewed-by: Viktor Dukhovni --- CHANGES | 3 ++- ssl/s3_clnt.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 915b1f6030..23ca912fa6 100644 --- a/CHANGES +++ b/CHANGES @@ -4,7 +4,8 @@ Changes between 1.0.1q and 1.0.1r [xx XXX xxxx] - *) + *) Reject DH handshakes with parameters shorter than 1024 bits. + [Kurt Roeckx] Changes between 1.0.1p and 1.0.1q [3 Dec 2015] diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index af7f8fa856..cfa5080e6b 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -3417,7 +3417,7 @@ int ssl3_check_cert_and_algorithm(SSL *s) /* Check DHE only: static DH not implemented. */ if (alg_k & SSL_kEDH) { int dh_size = BN_num_bits(dh->p); - if ((!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 768) + if ((!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 1024) || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 512)) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_DH_KEY_TOO_SMALL); goto f_err; -- 2.25.1