static const gnutls_sec_params_entry sec_params[] = {
{"Insecure", GNUTLS_SEC_PARAM_INSECURE, 0, 0, 0, 0, 0},
- {"Export", GNUTLS_SEC_PARAM_EXPORT, 42, 512, 0, 160, 0},
- {"Very weak", GNUTLS_SEC_PARAM_VERY_WEAK, 64, 767, 0, 160, 0},
- {"Weak", GNUTLS_SEC_PARAM_WEAK, 72, 1008, 1024, 160, 160},
+ {"Export", GNUTLS_SEC_PARAM_EXPORT, 42, 512, 0, 84, 0},
+ {"Very weak", GNUTLS_SEC_PARAM_VERY_WEAK, 64, 767, 0, 128, 0},
+ {"Weak", GNUTLS_SEC_PARAM_WEAK, 72, 1008, 1008, 160, 160},
#ifdef ENABLE_FIPS140
{"Low", GNUTLS_SEC_PARAM_LOW, 80, 1024, 1024, 160, 160},
{"Legacy", GNUTLS_SEC_PARAM_LEGACY, 96, 1024, 1024, 192, 192},
{"High", GNUTLS_SEC_PARAM_HIGH, 128, 3072, 3072, 256, 256},
{"Ultra", GNUTLS_SEC_PARAM_ULTRA, 256, 15360, 15360, 512, 512},
#else
- {"Low", GNUTLS_SEC_PARAM_LOW, 80, 1248, 1024, 160, 160},
+ {"Low", GNUTLS_SEC_PARAM_LOW, 80, 1024, 1024, 160, 160}, /* ENISA-LEGACY */
{"Legacy", GNUTLS_SEC_PARAM_LEGACY, 96, 1776, 2048, 192, 192},
- {"Medium", GNUTLS_SEC_PARAM_MEDIUM, 112, 2432, 2048, 256, 224},
- {"High", GNUTLS_SEC_PARAM_HIGH, 128, 3248, 3072, 256, 256},
+ {"Medium", GNUTLS_SEC_PARAM_MEDIUM, 112, 2048, 2048, 256, 224},
+ {"High", GNUTLS_SEC_PARAM_HIGH, 128, 3072, 3072, 256, 256},
{"Ultra", GNUTLS_SEC_PARAM_ULTRA, 256, 15424, 3072, 512, 512},
#endif
{NULL, 0, 0, 0, 0, 0}