From 00fd0d4599fe4ddc409af532be3a3c1060461dec Mon Sep 17 00:00:00 2001
From: djm
Date: Fri, 16 Oct 2015 22:32:22 +0000
Subject: [PATCH] increase the minimum modulus that we will send or accept in diffie-hellman-group-exchange to 2048 bits; ok markus@
---
 usr.bin/ssh/dh.h | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/usr.bin/ssh/dh.h b/usr.bin/ssh/dh.h
index 654695315e0..e191cfd8a25 100644
--- a/usr.bin/ssh/dh.h
+++ b/usr.bin/ssh/dh.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.h,v 1.13 2015/05/27 23:39:18 dtucker Exp $ */
+/* $OpenBSD: dh.h,v 1.14 2015/10/16 22:32:22 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Niels Provos. All rights reserved.
@@ -44,8 +44,11 @@ int dh_pub_is_valid(DH *, BIGNUM *);
 
 u_int dh_estimate(int);
 
-/* Min and max values from RFC4419. */
-#define DH_GRP_MIN 1024
+/*
+ * Max value from RFC4419.
+ * Miniumum increased in light of DH precomputation attacks.
+ */
+#define DH_GRP_MIN 2048
 #define DH_GRP_MAX 8192
 
 /*
-- 
2.20.1
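Review bot: The new comment above `DH_GRP_MIN` misspells "Minimum" as "Miniumum", and it does not say that the value is a modulus size in bits or that it bounds both what is sent and what is accepted, which only the commit message states. I would write it as `/* Group-exchange modulus bounds, in bits. Max value from RFC4419; minimum raised to 2048 in light of DH precomputation attacks. */`. Because this single constant presumably gates both the client and server side of diffie-hellman-group-exchange, a peer or a moduli file limited to groups under 2048 bits will no longer negotiate. The code that consumes the constant is outside this hunk, so it is worth confirming that this path fails with a clear, loggable error and that the shipped moduli still contain enough groups of at least 2048 bits.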