} gnutls_sec_params_entry;
static const gnutls_sec_params_entry sec_params[] = {
- {"Weak", GNUTLS_SEC_PARAM_WEAK, 0, 0, 0, 0, 0},
- {"Low", GNUTLS_SEC_PARAM_LOW, 80, 1248, 2048, 160, 160},
+ {"Insecure", GNUTLS_SEC_PARAM_INSECURE, 0, 0, 0, 0, 0},
+ {"Weak", GNUTLS_SEC_PARAM_WEAK, 72, 1008, 1024, 160, 160},
+ {"Low", GNUTLS_SEC_PARAM_LOW, 80, 1248, 2048, 160, 160},
{"Legacy", GNUTLS_SEC_PARAM_LEGACY, 96, 1776, 2048, 192, 192},
{"Normal", GNUTLS_SEC_PARAM_NORMAL, 112, 2432, 3072, 224, 224},
{"High", GNUTLS_SEC_PARAM_HIGH, 128, 3248, 3072, 256, 256},
return GNUTLS_E_CONSTRAINT_ERROR;
}
- if (gnutls_pk_bits_to_sec_param(pk, bits) == GNUTLS_SEC_PARAM_WEAK)
+ if (gnutls_pk_bits_to_sec_param(pk, bits) == GNUTLS_SEC_PARAM_INSECURE)
{
gnutls_assert();
_gnutls_audit_log(session, "The security level of the certificate (%s: %u) is weak\n", gnutls_pk_get_name(pk), bits);
/**
* gnutls_sec_param_t:
- * @GNUTLS_SEC_PARAM_WEAK: security level known to be weak
+ * @GNUTLS_SEC_PARAM_INSECURE: Less than 72 bits of security
+ * @GNUTLS_SEC_PARAM_WEAK: 72 bits of security
* @GNUTLS_SEC_PARAM_UNKNOWN: Cannot be known
* @GNUTLS_SEC_PARAM_LOW: 80 bits of security
* @GNUTLS_SEC_PARAM_LEGACY: 96 bits of security
*/
typedef enum
{
+ GNUTLS_SEC_PARAM_INSECURE = -20,
GNUTLS_SEC_PARAM_WEAK = -10,
GNUTLS_SEC_PARAM_UNKNOWN = 0,
GNUTLS_SEC_PARAM_LOW = 1,