2015-08-17

2015-08-17 13:26:18 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Context: Default to the FFDHE2048 group.

Changes the default DHE group from MODP group 24 to FFDHE2048.

This makes SMACKTest (http://smacktest.com/) happy, and reduces
the risk of precalculated attacks against the MODP group.

165:   array(int) ecc_curves = reverse(sort(indices(ECC_CURVES)));      //! Supported DH groups for DHE key exchanges, in order of preference. - //! Defaults to MODP Group 24 (2048/256 bits) from RFC 5114 section - //! 2.3. + //! Defaults to FFDHE-2048.   array(Crypto.DH.Parameters) dh_groups = ({ -  Crypto.DH.MODPGroup24, // MODP Group 24 (2048/256 bits). +  Crypto.DH.FFDHE2048,   });
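
Review bot: The new doc comment on dh_groups ("Defaults to FFDHE-2048.") loses what the old one carried, namely the group size and the document that defines the group. Suggest keeping that form, for example "Defaults to FFDHE-2048 (2048 bits)" with a pointer to the negotiated-FFDHE specification (published as RFC 7919), and putting a short trailing comment on the Crypto.DH.FFDHE2048 entry as the removed MODPGroup24 line had. Because this changes the default for every context that does not set dh_groups itself, the doc comment could also say that the default was previously MODP Group 24, so callers that depended on it know to set the array explicitly.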