Use 2048-bit DHE parameters from RFC 3526 instead of 5114 by default
The parameters from RFC 5114 are not considered trustworthy, whereas those from
RFC 3526 were generated in a verifiable, nothing-up-my-sleeve manner.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index ba586a0..9986ddc 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7268,8 +7268,8 @@
if( endpoint == MBEDTLS_SSL_IS_SERVER )
{
if( ( ret = mbedtls_ssl_conf_dh_param( conf,
- MBEDTLS_DHM_RFC5114_MODP_2048_P,
- MBEDTLS_DHM_RFC5114_MODP_2048_G ) ) != 0 )
+ MBEDTLS_DHM_RFC3526_MODP_2048_P,
+ MBEDTLS_DHM_RFC3526_MODP_2048_G ) ) != 0 )
{
return( ret );
}
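Review bot: The new default on the two added lines is picked for a security reason that nothing in the code records, so a later edit could swap the arguments back to the RFC 5114 constants without anyone noticing the regression; a short comment above the mbedtls_ssl_conf_dh_param call would pin the choice, e.g. `/* Default to the RFC 3526 2048-bit MODP group: its parameters were generated verifiably (nothing-up-my-sleeve), unlike the RFC 5114 group this replaced. */`. Since this changes the group offered by every server that relies on the library defaults, it presumably also deserves a ChangeLog entry and a mention in the API documentation of the enclosing function, if not already added elsewhere in the commit. If the RFC 5114 constants remain exported from the public header, marking them deprecated would discourage callers from selecting them explicitly. The enclosing function (presumably the config-defaults routine) starts and ends outside this hunk.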
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 9c9cf46..a8c9750 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -2702,7 +2702,7 @@
debug_level=3" \
0 \
-c "value of 'DHM: P ' (2048 bits)" \
- -c "value of 'DHM: G ' (2048 bits)"
+ -c "value of 'DHM: G ' (2 bits)"
run_test "DHM parameters: other parameters" \
"$P_SRV dhm_file=data_files/dhparams.pem" \