From: naddy Date: Mon, 25 May 2015 19:29:36 +0000 (+0000) Subject: bump up the default Diffie-Hellman group to modp3072; ok mikeb@ djm@ X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=bf14ca98136b6db95a709a5004b3c28aaa7ad20d;p=openbsd bump up the default Diffie-Hellman group to modp3072; ok mikeb@ djm@ --- diff --git a/sbin/ipsecctl/ike.c b/sbin/ipsecctl/ike.c index f638d987cdd..f4638c612bb 100644 --- a/sbin/ipsecctl/ike.c +++ b/sbin/ipsecctl/ike.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ike.c,v 1.79 2015/01/16 06:39:58 deraadt Exp $ */ +/* $OpenBSD: ike.c,v 1.80 2015/05/25 19:29:36 naddy Exp $ */ /* * Copyright (c) 2005 Hans-Joerg Hoexer * @@ -362,7 +362,7 @@ ike_section_p2(struct ipsec_rule *r, FILE *fd) return (-1); } } else - group_desc = "MODP_1024"; + group_desc = "MODP_3072"; /* the transform name must not include "," */ if (key_length && (p = strchr(key_length, ',')) != NULL) @@ -531,7 +531,7 @@ ike_section_p1(struct ipsec_rule *r, FILE *fd) return (-1); }; } else - group_desc = "MODP_1024"; + group_desc = "MODP_3072"; switch (r->ikeauth->type) { case IKE_AUTH_PSK: diff --git a/sbin/ipsecctl/ipsec.conf.5 b/sbin/ipsecctl/ipsec.conf.5 index 2abe006b040..abb80f1c6bc 100644 --- a/sbin/ipsecctl/ipsec.conf.5 +++ b/sbin/ipsecctl/ipsec.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ipsec.conf.5,v 1.148 2015/02/28 21:51:57 bentley Exp $ +.\" $OpenBSD: ipsec.conf.5,v 1.149 2015/05/25 19:29:36 naddy Exp $ .\" .\" Copyright (c) 2004 Mathieu Sauve-Frankel All rights reserved. .\" @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: February 28 2015 $ +.Dd $Mdocdate: May 25 2015 $ .Dt IPSEC.CONF 5 .Os .Sh NAME @@ -345,7 +345,7 @@ will use the default values .Ar main , .Ar hmac-sha1 , .Ar aes , -.Ar modp1024 , +.Ar modp3072 , and .Ar 3600 . .It Xo
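Review bot: In the ike_section_p2 hunk of sbin/ipsecctl/ike.c, the fallback `group_desc = "MODP_3072";` repeats the same string literal that the ike_section_p1 hunk sets, so the phase 1 and phase 2 defaults are kept in sync only by hand. Consider a single shared constant for the default group name (for example a `#define` near the top of ike.c, the name being up to you) that both else branches assign, so the next bump is a one-line change and the two phases cannot drift apart.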
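Review bot: In the ike_section_p1 hunk of sbin/ipsecctl/ike.c, the else branch is the path taken when a rule names no group, so existing configurations that omit the group will start emitting MODP_3072 instead of MODP_1024 after this change, with no edit on the administrator's side. The commit message says only that the default is bumped; it would help to state there, or in upgrade notes, that a peer still relying on the old implicit default may no longer agree on a group, and that pinning the group explicitly on both ends (modp1024 is the value the manpage previously listed) avoids depending on either default.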
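Review bot: In sbin/ipsecctl/ipsec.conf.5, the only content hunk (at line 345) updates the default list that begins with `.Ar main`, which is the phase 1 description, while ike.c changes the fallback in both ike_section_p1 and ike_section_p2. If the phase 2 text in the manpage carries its own list of default values, it needs the same modp1024 to modp3072 update, otherwise the documentation and the generated phase 2 configuration will disagree.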