Commit 8a810a1

Update hardcoded DH parameters to IANA standards

The source defining the current fallback and hardcoded DH parameters has disappeared from the web a long time ago, and RFC 3526 defines the most current Diffie-Hellman MODP groups, so update to those new values.

Author: Daniel Gustafsson
Reviewed-by: Peter Eisentraut, Michael Paquier
Discussion: https://postgr.es/m/[email protected]
1 parent 08aa131 commit 8a810a1

1 file changed

+11
-10
lines changed


src/include/libpq/libpq-be.h

Lines changed: 11 additions & 10 deletions
@@ -206,19 +206,20 @@ typedef struct Port
206206
* Hardcoded DH parameters, used in ephemeral DH keying. (See also
207207
* README.SSL for more details on EDH.)
208208
*
209-
* If you want to create your own hardcoded DH parameters
210-
* for fun and profit, review "Assigned Number for SKIP
211-
* Protocols" (http://www.skip-vpn.org/spec/numbers.html)
212-
* for suggestions.
209+
* This is the 2048-bit DH parameter from RFC 3526. The generation of the
210+
* prime is specified in RFC 2412 Appendix E, which also discusses the
211+
* design choice of the generator. Note that when loaded with OpenSSL
212+
* this causes DH_check() to fail on DH_NOT_SUITABLE_GENERATOR, where
213+
* leaking a bit is preferred.
213214
*/
214215
#define FILE_DH2048 \
215216
"-----BEGIN DH PARAMETERS-----\n\
216-
MIIBCAKCAQEA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV\n\
217-
89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50\n\
218-
T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknb\n\
219-
zSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdX\n\
220-
Q6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbT\n\
221-
CD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwIBAg==\n\
217+
MIIBCAKCAQEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb\n\
218+
IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft\n\
219+
awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT\n\
220+
mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh\n\
221+
fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq\n\
222+
5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAg==\n\
222223
-----END DH PARAMETERS-----\n"
223224

224225
/*
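Review bot: In the new comment above FILE_DH2048, the sentence ending "where leaking a bit is preferred" says DH_check() fails with DH_NOT_SUITABLE_GENERATOR but does not say what the code loading this fallback is expected to do about it. Nothing in this hunk shows the loading path, so please confirm it does not reject the parameters on that flag, and spell out in the comment that the failure is expected for this prime and generator and what "leaking a bit" refers to. It would also help to name the RFC 3526 group or section that the base64 block corresponds to, so the constant can be checked against the RFC rather than taken on trust.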
