tls: increase Diffie-Hellman group size to 2048 bits

1024 bits is already the minimum accepted size of current TLS libraries. 2048 is recommended for servers, see https://weakdh.org/ Signed-off-by: Bjoern Jacke <bj@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Sep 3 03:47:48 CEST 2015 on sn-devel-104
author: Björn Jacke <bj@sernet.de> 2015-09-02 12:37:12 +0200
committer: Andrew Bartlett <abartlet@samba.org> 2015-09-03 03:47:48 +0200
commit: 22a37c453d83c39634fbae72de592024d9b8ba4a (patch)
tree: 29836c9787a6c981eb933103294297b4db73d5a1 /source4/lib/tls
parent: b49b1bd8dcc9a74440a2845f609024ee8bf173bf (diff)
download: samba-22a37c453d83c39634fbae72de592024d9b8ba4a.tar.gz
2 files changed, 2 insertions, 2 deletions
diff --git a/source4/lib/tls/tls.c b/source4/lib/tls/tls.c
index 0d9d3c986de..ad8bbd444a4 100644
--- a/source4/lib/tls/tls.c
+++ b/source4/lib/tls/tls.c
@@ -31,7 +31,7 @@
 #if ENABLE_GNUTLS
 #include <gnutls/gnutls.h>
 
-#define DH_BITS 1024
+#define DH_BITS 2048
 
 #if defined(HAVE_GNUTLS_DATUM) && !defined(HAVE_GNUTLS_DATUM_T)
 typedef gnutls_datum gnutls_datum_t;
diff --git a/source4/lib/tls/tls_tstream.c b/source4/lib/tls/tls_tstream.c
index 188a3b801bf..5c3e9f1142e 100644
--- a/source4/lib/tls/tls_tstream.c
+++ b/source4/lib/tls/tls_tstream.c
@@ -28,7 +28,7 @@
 #if ENABLE_GNUTLS
 #include <gnutls/gnutls.h>
 
-#define DH_BITS 1024
+#define DH_BITS 2048
 
 #if defined(HAVE_GNUTLS_DATUM) && !defined(HAVE_GNUTLS_DATUM_T)
 typedef gnutls_datum gnutls_datum_t;
author	Björn Jacke <bj@sernet.de>	2015-09-02 12:37:12 +0200
committer	Andrew Bartlett <abartlet@samba.org>	2015-09-03 03:47:48 +0200
commit	22a37c453d83c39634fbae72de592024d9b8ba4a (patch)
tree	29836c9787a6c981eb933103294297b4db73d5a1 /source4/lib/tls
parent	b49b1bd8dcc9a74440a2845f609024ee8bf173bf (diff)
download	samba-22a37c453d83c39634fbae72de592024d9b8ba4a.tar.gz