Content-Length: 296913 | pFad | http://github.com/postgrespro/postgres_cluster/commit/8a810a177c80909b71e9fb3760a1d56ed988638a

E4 Update hardcoded DH parameters to IANA standards · postgrespro/postgres_cluster@8a810a1 · GitHub
Skip to content

Commit 8a810a1

Browse files
michaelpqmichaelpq
committed
Update hardcoded DH parameters to IANA standards
The source defining the current fallback and hardcoded DH parameters has disappeared from the web a long time ago, and RFC 3526 defines the most current Diffie-Hellman MODP groups, so update to those new values. Author: Daniel Gustafsson Reviewed-by: Peter Eisentraut, Michael Paquier Discussion: https://postgr.es/m/5E60AC9A-CB10-4851-9EF2-7209490A164C@yesql.se
1 parent 08aa131 commit 8a810a1

File tree

1 file changed

+11
-10
lines changed

1 file changed

+11
-10
lines changed

src/include/libpq/libpq-be.h

Lines changed: 11 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -206,19 +206,20 @@ typedef struct Port
206206
* Hardcoded DH parameters, used in ephemeral DH keying. (See also
207207
* README.SSL for more details on EDH.)
208208
*
209-
* If you want to create your own hardcoded DH parameters
210-
* for fun and profit, review "Assigned Number for SKIP
211-
* Protocols" (http://www.skip-vpn.org/spec/numbers.html)
212-
* for suggestions.
209+
* This is the 2048-bit DH parameter from RFC 3526. The generation of the
210+
* prime is specified in RFC 2412 Appendix E, which also discusses the
211+
* design choice of the generator. Note that when loaded with OpenSSL
212+
* this causes DH_check() to fail on DH_NOT_SUITABLE_GENERATOR, where
213+
* leaking a bit is preferred.
213214
*/
214215
#define FILE_DH2048 \
215216
"-----BEGIN DH PARAMETERS-----\n\
216-
MIIBCAKCAQEA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV\n\
217-
89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50\n\
218-
T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknb\n\
219-
zSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdX\n\
220-
Q6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbT\n\
221-
CD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwIBAg==\n\
217+
MIIBCAKCAQEA//github.com///github.com///github.com///JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb\n\
218+
IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft\n\
219+
awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT\n\
220+
mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh\n\
221+
fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq\n\
222+
5RXSJhiY+gUQFXKOWoqsqmj//github.com///github.com///github.com//wIBAg==\n\
222223
-----END DH PARAMETERS-----\n"
223224

224225
/*

0 commit comments

Comments
 (0)








ApplySandwichStrip

pFad - (p)hone/(F)rame/(a)nonymizer/(d)eclutterfier!      Saves Data!


--- a PPN by Garber Painting Akron. With Image Size Reduction included!

Fetched URL: http://github.com/postgrespro/postgres_cluster/commit/8a810a177c80909b71e9fb3760a1d56ed988638a

Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy