From: Nikos Mavrogiannopoulos Date: Sat, 9 Feb 2013 18:22:25 +0000 (+0100) Subject: Restored 3.1.6 defaults and documented fix. X-Git-Tag: gnutls_3_1_8~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=641464893136a40be8ac3615cd978a0b949d770a;p=thirdparty%2Fgnutls.git Restored 3.1.6 defaults and documented fix. --- diff --git a/NEWS b/NEWS index 8f5367187f..50b1dc942a 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,9 @@ See the end for copying conditions. ** Fixed issue in gnutls_x509_privkey_import2() which didn't return GNUTLS_E_DECRYPTION_FAILED in all cases. +** libgnutls: The minimum DH bits accepted by priorities NORMAL and +PERFORMANCE was set to previous defaults 727 bits. + ** API and ABI modifications: No changes since last version. diff --git a/lib/algorithms/secparams.c b/lib/algorithms/secparams.c index 6bc28d12a6..69acb96163 100644 --- a/lib/algorithms/secparams.c +++ b/lib/algorithms/secparams.c @@ -41,7 +41,7 @@ typedef struct static const gnutls_sec_params_entry sec_params[] = { {"Insecure", GNUTLS_SEC_PARAM_INSECURE, 0, 0, 0, 0, 0}, {"Export", GNUTLS_SEC_PARAM_EXPORT, 42, 512, 0, 0, 0}, - {"Very weak", GNUTLS_SEC_PARAM_VERY_WEAK, 64, 768, 0, 0, 0}, + {"Very weak", GNUTLS_SEC_PARAM_VERY_WEAK, 64, 727, 0, 0, 0}, {"Weak", GNUTLS_SEC_PARAM_WEAK, 72, 1008, 1024, 160, 160}, {"Low", GNUTLS_SEC_PARAM_LOW, 80, 1248, 2048, 160, 160}, {"Legacy", GNUTLS_SEC_PARAM_LEGACY, 96, 1776, 2048, 192, 192},