Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:GA
openldap2-client.33990
0228-bsc-1220787-increase-dh-param-minimums.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0228-bsc-1220787-increase-dh-param-minimums.patch of Package openldap2-client.33990
From cbea96c9fe5722563bf5d17c40b56319376b7f49 Mon Sep 17 00:00:00 2001 From: William Brown <william.brown@suse.com> Date: Tue, 21 May 2024 10:50:09 +1000 Subject: [PATCH] bsc#1220787 - increase dh param minimums Remove 512 and 1024 bit dh parameters, forcing 2048 to be the minimum. --- libraries/libldap/tls_o.c | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/libraries/libldap/tls_o.c b/libraries/libldap/tls_o.c index f0b8319232..64c368781d 100644 --- a/libraries/libldap/tls_o.c +++ b/libraries/libldap/tls_o.c @@ -1169,19 +1169,6 @@ struct dhinfo { /* From the OpenSSL 0.9.7 distro */ -static const char tlso_dhpem512[] = -"-----BEGIN DH PARAMETERS-----\n\ -MEYCQQDaWDwW2YUiidDkr3VvTMqS3UvlM7gE+w/tlO+cikQD7VdGUNNpmdsp13Yn\n\ -a6LT1BLiGPTdHghM9tgAPnxHdOgzAgEC\n\ ------END DH PARAMETERS-----\n"; - -static const char tlso_dhpem1024[] = -"-----BEGIN DH PARAMETERS-----\n\ -MIGHAoGBAJf2QmHKtQXdKCjhPx1ottPb0PMTBH9A6FbaWMsTuKG/K3g6TG1Z1fkq\n\ -/Gz/PWk/eLI9TzFgqVAuPvr3q14a1aZeVUMTgo2oO5/y2UHe6VaJ+trqCTat3xlx\n\ -/mNbIK9HA2RgPC3gWfVLZQrY+gz3ASHHR5nXWHEyvpuZm7m3h+irAgEC\n\ ------END DH PARAMETERS-----\n"; - static const char tlso_dhpem2048[] = "-----BEGIN DH PARAMETERS-----\n\ MIIBCAKCAQEA7ZKJNYJFVcs7+6J2WmkEYb8h86tT0s0h2v94GRFS8Q7B4lW9aG9o\n\ @@ -1208,7 +1195,6 @@ jT6sx7RUr0CNTxzLI7muV2/a4tGmj0PSdXQdsZ7tw7gbXlaWT1+MM2MCAQI=\n\ -----END DH PARAMETERS-----\n"; static const struct dhinfo tlso_dhpem[] = { - { 1024, tlso_dhpem1024, sizeof(tlso_dhpem1024) }, { 2048, tlso_dhpem2048, sizeof(tlso_dhpem2048) }, { 4096, tlso_dhpem4096, sizeof(tlso_dhpem4096) }, { 0, NULL, 0 } @@ -1223,7 +1209,7 @@ tlso_tmp_dh_cb( SSL *ssl, int is_export, int key_length ) int i; /* for Logjam, rev up the minimum DH group size to 1024 bit */ - if (key_length < 1024) key_length = 1024; + if (key_length < 2048) key_length = 2048; /* Do we have params of this length already? */ LDAP_MUTEX_LOCK( &tlso_dh_mutex ); -- 2.45.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
