From: Jouni Malinen <j@w1.fi>
Date: Sun, 24 May 2015 07:47:21 +0000 (+0300)
Subject: Increase DH key size in the hostapd.conf example
X-Git-Tag: hostap_2_5~715
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7f2f3a67d293997cbc95f3ec709967f277a2e04e;p=thirdparty%2Fhostap.git

Increase DH key size in the hostapd.conf example

OpenSSL is moving to use 2048-bit DH key size as the default with
dhparam. Increase the value in the hostapd.conf to match that to reduce
likelihood of ending up using a shorter key.

Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index 5c6b28d01..390c75361 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -790,7 +790,7 @@ eap_server=0
 # is in DSA parameters format, it will be automatically converted into DH
 # params. This parameter is required if anonymous EAP-FAST is used.
 # You can generate DH parameters file with OpenSSL, e.g.,
-# "openssl dhparam -out /etc/hostapd.dh.pem 1024"
+# "openssl dhparam -out /etc/hostapd.dh.pem 2048"
 #dh_file=/etc/hostapd.dh.pem
 
 # OpenSSL cipher string