Use 2048-bit DHE parameters from RFC 3526 instead of 5114 by default
The parameters from RFC 5114 are not considered trustworthy, while those from
RFC 3526 have been generated in a nothing-up-my-sleeve manner.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index bae8433..228e383 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3702,9 +3702,9 @@
#if defined(POLARSSL_DHM_C)
if( ( ret = mpi_read_string( &ssl->dhm_P, 16,
- POLARSSL_DHM_RFC5114_MODP_2048_P) ) != 0 ||
+ POLARSSL_DHM_RFC3526_MODP_2048_P) ) != 0 ||
( ret = mpi_read_string( &ssl->dhm_G, 16,
- POLARSSL_DHM_RFC5114_MODP_2048_G) ) != 0 )
+ POLARSSL_DHM_RFC3526_MODP_2048_G) ) != 0 )
{
SSL_DEBUG_RET( 1, "mpi_read_string", ret );
return( ret );
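Review bot: The rationale for the group change survives only in the commit message; a reader of ssl_tls.c sees an opaque constant swap at the two mpi_read_string calls and nothing stops a later "cleanup" from switching back. I would add a comment above the `#if defined(POLARSSL_DHM_C)` line, e.g. `/* Default DHM group: RFC 3526 MODP-2048 (nothing-up-my-sleeve generation, generator 2); deliberately not the RFC 5114 group, whose provenance is unverified */`. Note that the new default's generator is 2 rather than a 2048-bit value (the ssl-opt.sh hunk adjusts its expectation to `(2 bits)`), so any code or test that assumed G and P have the same length should be checked. If the RFC 5114 constants are still used as a default elsewhere in the tree, which I cannot see from this hunk, they should be changed in step. The enclosing function starts and ends outside the hunk.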
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index ed695cb..d759752 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -2269,7 +2269,7 @@
debug_level=3" \
0 \
-c "value of 'DHM: P ' (2048 bits)" \
- -c "value of 'DHM: G ' (2048 bits)"
+ -c "value of 'DHM: G ' (2 bits)"
run_test "DHM parameters: other parameters" \
"$P_SRV dhm_file=data_files/dhparams.pem" \