NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit8a810a1

committed

Update hardcoded DH parameters to IANA standards

The source defining the current fallback and hardcoded DH parametershas disappeared from the web a long time ago, and RFC 3526 defines themost current Diffie-Hellman MODP groups, so update to those new values.Author: Daniel GustafssonReviewed-by: Peter Eisentraut, Michael PaquierDiscussion:https://postgr.es/m/5E60AC9A-CB10-4851-9EF2-7209490A164C@yesql.se

1 parent08aa131 commit8a810a1Copy full SHA for 8a810a1

File tree

1 file changed

+11

-10

lines changed

src/include/libpq
- libpq-be.h

1 file changed

+11

-10

lines changed

`‎src/include/libpq/libpq-be.h`

Lines changed: 11 additions & 10 deletions

Original file line number	Diff line number	Diff line change
`@@ -206,19 +206,20 @@ typedef struct Port`
`206`	`206`	`*Hardcoded DH parameters, used in ephemeral DH keying. (See also`
`207`	`207`	`*README.SSL for more details on EDH.)`
`208`	`208`	`*`
`209`		`- *If you want to create your own hardcoded DH parameters`
`210`		`- *for fun and profit, review "Assigned Number for SKIP`
`211`		`- *Protocols" (http://www.skip-vpn.org/spec/numbers.html)`
`212`		`- *for suggestions.`
	`209`	`+ *This is the 2048-bit DH parameter from RFC 3526. The generation of the`
	`210`	`+ *prime is specified in RFC 2412 Appendix E, which also discusses the`
	`211`	`+ *design choice of the generator. Note that when loaded with OpenSSL`
	`212`	`+ *this causes DH_check() to fail on DH_NOT_SUITABLE_GENERATOR, where`
	`213`	`+ *leaking a bit is preferred.`
`213`	`214`	`*/`
`214`	`215`	`#defineFILE_DH2048 \`
`215`	`216`	`"-----BEGIN DH PARAMETERS-----\n\`
`216`		`-MIIBCAKCAQEA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV\n\`
`217`		`-89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50\n\`
`218`		`-T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknb\n\`
`219`		`-zSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdX\n\`
`220`		`-Q6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbT\n\`
`221`		`-CD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwIBAg==\n\`
	`217`	`+MIIBCAKCAQEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb\n\`
	`218`	`+IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft\n\`
	`219`	`+awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT\n\`
	`220`	`+mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh\n\`
	`221`	`+fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq\n\`
	`222`	`+5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAg==\n\`
`222`	`223`	`-----END DH PARAMETERS-----\n"`
`223`	`224`
`224`	`225`	`/*`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit8a810a1

File tree

1 file changed

1 file changed

`‎src/include/libpq/libpq-be.h`

0 commit comments