Prefer MODP2048/1536 over ECP Diffie-Hellman groups

author Martin Willi <martin@strongswan.org>

Thu, 12 Nov 2009 13:10:30 +0000 (13:10 +0000)

committer Martin Willi <martin@strongswan.org>

Thu, 12 Nov 2009 13:10:30 +0000 (13:10 +0000)
author Martin Willi <martin@strongswan.org>
Thu, 12 Nov 2009 13:10:30 +0000 (13:10 +0000)
committer Martin Willi <martin@strongswan.org>
Thu, 12 Nov 2009 13:10:30 +0000 (13:10 +0000)
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c

index a6089c839c0036baa44070e090341f627deaac0e..7d941348f519b1c93632221c9ada9cb269e918dd 100644 (file)
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -256,23 +256,21 @@ plugin_t *plugin_create()
         lib->crypto->add_hasher(lib->crypto, HASH_SHA512,
                                         (hasher_constructor_t)openssl_hasher_create);
  
-       /* ec diffie hellman */
-       lib->crypto->add_dh(lib->crypto, ECP_192_BIT,
-                                               (dh_constructor_t)openssl_ec_diffie_hellman_create);
-       lib->crypto->add_dh(lib->crypto, ECP_224_BIT,
-                                               (dh_constructor_t)openssl_ec_diffie_hellman_create);
+       /* (ec) diffie hellman */
+       lib->crypto->add_dh(lib->crypto, MODP_2048_BIT,
+                                               (dh_constructor_t)openssl_diffie_hellman_create);
+       lib->crypto->add_dh(lib->crypto, MODP_1536_BIT,
+                                               (dh_constructor_t)openssl_diffie_hellman_create);
         lib->crypto->add_dh(lib->crypto, ECP_256_BIT,
                                                 (dh_constructor_t)openssl_ec_diffie_hellman_create);
         lib->crypto->add_dh(lib->crypto, ECP_384_BIT,
                                                 (dh_constructor_t)openssl_ec_diffie_hellman_create);
         lib->crypto->add_dh(lib->crypto, ECP_521_BIT,
                                                 (dh_constructor_t)openssl_ec_diffie_hellman_create);
-
-       /* diffie hellman */
-       lib->crypto->add_dh(lib->crypto, MODP_2048_BIT,
-                                               (dh_constructor_t)openssl_diffie_hellman_create);
-       lib->crypto->add_dh(lib->crypto, MODP_1536_BIT,
-                                               (dh_constructor_t)openssl_diffie_hellman_create);
+       lib->crypto->add_dh(lib->crypto, ECP_224_BIT,
+                                               (dh_constructor_t)openssl_ec_diffie_hellman_create);
+       lib->crypto->add_dh(lib->crypto, ECP_192_BIT,
+                                               (dh_constructor_t)openssl_ec_diffie_hellman_create);
         lib->crypto->add_dh(lib->crypto, MODP_3072_BIT,
                                                 (dh_constructor_t)openssl_diffie_hellman_create);
         lib->crypto->add_dh(lib->crypto, MODP_4096_BIT,
author	Martin Willi <martin@strongswan.org>
	Thu, 12 Nov 2009 13:10:30 +0000 (13:10 +0000)
committer	Martin Willi <martin@strongswan.org>
	Thu, 12 Nov 2009 13:10:30 +0000 (13:10 +0000)