GnuTLS: use 1024 (DH_BITS_MIN) as minimum size of the DH prime
[ngircd-alex.git] / src / ngircd / conn-ssl.c
index 7630420dad36bfa46e2dbb0590e382055f3d7979..ffb1b104e5f57e961565fe1c941edf8cae9b0d68 100644 (file)
@@ -52,9 +52,10 @@ static bool ConnSSL_LoadServerKey_openssl PARAMS(( SSL_CTX *c ));
 #include <gnutls/x509.h>
 
 #define DH_BITS 2048
+#define DH_BITS_MIN 1024
+
 static gnutls_certificate_credentials_t x509_cred;
 static gnutls_dh_params_t dh_params;
-
 static bool ConnSSL_LoadServerKey_gnutls PARAMS(( void ));
 #endif
 
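Review bot: The new `DH_BITS_MIN` define sits next to `DH_BITS` with nothing saying how the two differ, and a reader could easily pass the wrong one to a GnuTLS call. A short comment would settle it, for example `/* DH_BITS_MIN: smallest DH prime (in bits) accepted during a handshake */` above the new define. If `DH_BITS` is the size of the parameters the server generates itself (its use is not visible in this hunk), a matching comment on that line would make the split explicit.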
@@ -426,7 +427,7 @@ ConnSSL_Init_SSL(CONNECTION *c)
                ConnSSL_Free(c);
                return false;
        }
-       gnutls_dh_set_prime_bits(c->ssl_state.gnutls_session, DH_BITS);
+       gnutls_dh_set_prime_bits(c->ssl_state.gnutls_session, DH_BITS_MIN);
 #endif
        Conn_OPTION_ADD(c, CONN_SSL);
        return true;
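Review bot: The changed `gnutls_dh_set_prime_bits()` call now lets a handshake accept a Diffie-Hellman prime as small as 1024 bits, where the previous value required 2048. A 1024-bit group is widely considered too weak against well-resourced attackers who record traffic. As GnuTLS documents the function, the value is the minimum accepted on the client side, so the lower floor would mainly affect outbound links, and the intent is presumably interoperability with peers that only offer 1024-bit groups. If so, the trade-off should be stated at the call, e.g. `/* minimum accepted peer DH prime; 1024 only for compatibility with older peers */`, and the floor made overridable at build time by wrapping the define as `#ifndef DH_BITS_MIN` / `#define DH_BITS_MIN 1024` / `#endif`. `ConnSSL_Init_SSL` begins above this hunk and its closing brace is below it.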