Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Alexander_Naumov:SLE-12:Update
dovecot22
dovecot-2.2.31-dhparams_fips_mode.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File dovecot-2.2.31-dhparams_fips_mode.patch of Package dovecot22
diff --git a/src/lib-ssl-iostream/iostream-openssl-params.c b/src/lib-ssl-iostream/iostream-openssl-params.c index 5fdaa30de..576915371 100644 --- a/src/lib-ssl-iostream/iostream-openssl-params.c +++ b/src/lib-ssl-iostream/iostream-openssl-params.c @@ -44,9 +44,16 @@ generate_dh_parameters(int bitsize, buffer_t *output, const char **error_r) int openssl_iostream_generate_params(buffer_t *output, unsigned int dh_length, const char **error_r) { - if (generate_dh_parameters(512, output, error_r) < 0) + unsigned int minimal_dh_size = 512; + #ifdef OPENSSL_FIPS + if (FIPS_mode() > 0) { + minimal_dh_size = 2048; + i_warning("FIPS mode detected. Setting minimum DH params size from 512 to 2048. Accepting SSL connections after first start might take longer."); + }; + #endif + if (generate_dh_parameters(minimal_dh_size, output, error_r) < 0) return -1; - if (dh_length != 512) { + if (dh_length > minimal_dh_size) { if (generate_dh_parameters(dh_length, output, error_r) < 0) return -1; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor