From 22a37c453d83c39634fbae72de592024d9b8ba4a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Jacke?= <bj@sernet.de>
Date: Wed, 2 Sep 2015 12:37:12 +0200
Subject: tls: increase Diffie-Hellman group size to 2048 bits

1024 bits is already the minimum accepted size of current TLS libraries. 2048
is recommended for servers, see https://weakdh.org/

Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Sep  3 03:47:48 CEST 2015 on sn-devel-104
---
 source4/lib/tls/tls.c         | 2 +-
 source4/lib/tls/tls_tstream.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'source4/lib/tls')

diff --git a/source4/lib/tls/tls.c b/source4/lib/tls/tls.c
index 0d9d3c986de..ad8bbd444a4 100644
--- a/source4/lib/tls/tls.c
+++ b/source4/lib/tls/tls.c
@@ -31,7 +31,7 @@
 #if ENABLE_GNUTLS
 #include <gnutls/gnutls.h>
 
-#define DH_BITS 1024
+#define DH_BITS 2048
 
 #if defined(HAVE_GNUTLS_DATUM) && !defined(HAVE_GNUTLS_DATUM_T)
 typedef gnutls_datum gnutls_datum_t;
diff --git a/source4/lib/tls/tls_tstream.c b/source4/lib/tls/tls_tstream.c
index 188a3b801bf..5c3e9f1142e 100644
--- a/source4/lib/tls/tls_tstream.c
+++ b/source4/lib/tls/tls_tstream.c
@@ -28,7 +28,7 @@
 #if ENABLE_GNUTLS
 #include <gnutls/gnutls.h>
 
-#define DH_BITS 1024
+#define DH_BITS 2048
 
 #if defined(HAVE_GNUTLS_DATUM) && !defined(HAVE_GNUTLS_DATUM_T)
 typedef gnutls_datum gnutls_datum_t;
-- 
cgit v1.2.1