From: Nikos Mavrogiannopoulos Date: Tue, 14 Jan 2014 10:05:34 +0000 (+0100) Subject: security levels aligned to ENISA and other common practice recommendations. X-Git-Tag: gnutls_3_3_0pre0~348 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1371c4c6d4273a3480d1e43ffb73bf66fc57d2cd;p=thirdparty%2Fgnutls.git security levels aligned to ENISA and other common practice recommendations. --- diff --git a/lib/algorithms/secparams.c b/lib/algorithms/secparams.c index 852557c5b2..2eecfe26da 100644 --- a/lib/algorithms/secparams.c +++ b/lib/algorithms/secparams.c @@ -39,9 +39,9 @@ typedef struct { static const gnutls_sec_params_entry sec_params[] = { {"Insecure", GNUTLS_SEC_PARAM_INSECURE, 0, 0, 0, 0, 0}, - {"Export", GNUTLS_SEC_PARAM_EXPORT, 42, 512, 0, 160, 0}, - {"Very weak", GNUTLS_SEC_PARAM_VERY_WEAK, 64, 767, 0, 160, 0}, - {"Weak", GNUTLS_SEC_PARAM_WEAK, 72, 1008, 1024, 160, 160}, + {"Export", GNUTLS_SEC_PARAM_EXPORT, 42, 512, 0, 84, 0}, + {"Very weak", GNUTLS_SEC_PARAM_VERY_WEAK, 64, 767, 0, 128, 0}, + {"Weak", GNUTLS_SEC_PARAM_WEAK, 72, 1008, 1008, 160, 160}, #ifdef ENABLE_FIPS140 {"Low", GNUTLS_SEC_PARAM_LOW, 80, 1024, 1024, 160, 160}, {"Legacy", GNUTLS_SEC_PARAM_LEGACY, 96, 1024, 1024, 192, 192}, @@ -49,10 +49,10 @@ static const gnutls_sec_params_entry sec_params[] = { {"High", GNUTLS_SEC_PARAM_HIGH, 128, 3072, 3072, 256, 256}, {"Ultra", GNUTLS_SEC_PARAM_ULTRA, 256, 15360, 15360, 512, 512}, #else - {"Low", GNUTLS_SEC_PARAM_LOW, 80, 1248, 1024, 160, 160}, + {"Low", GNUTLS_SEC_PARAM_LOW, 80, 1024, 1024, 160, 160}, /* ENISA-LEGACY */ {"Legacy", GNUTLS_SEC_PARAM_LEGACY, 96, 1776, 2048, 192, 192}, - {"Medium", GNUTLS_SEC_PARAM_MEDIUM, 112, 2432, 2048, 256, 224}, - {"High", GNUTLS_SEC_PARAM_HIGH, 128, 3248, 3072, 256, 256}, + {"Medium", GNUTLS_SEC_PARAM_MEDIUM, 112, 2048, 2048, 256, 224}, + {"High", GNUTLS_SEC_PARAM_HIGH, 128, 3072, 3072, 256, 256}, {"Ultra", GNUTLS_SEC_PARAM_ULTRA, 256, 15424, 3072, 512, 512}, #endif {NULL, 0, 0, 0, 0, 0}