From: Martin Willi <martin@strongswan.org>
Date: Thu, 12 Nov 2009 13:10:30 +0000 (+0000)
Subject: Prefer MODP2048/1536 over ECP Diffie-Hellman groups
X-Git-Tag: 4.3.6~207
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ee3d4ef8016c151a0e19dc91bd0445f4aac1e2ef;p=thirdparty%2Fstrongswan.git

Prefer MODP2048/1536 over ECP Diffie-Hellman groups
---

diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index a6089c839c..7d941348f5 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -256,23 +256,21 @@ plugin_t *plugin_create()
 	lib->crypto->add_hasher(lib->crypto, HASH_SHA512,
 					(hasher_constructor_t)openssl_hasher_create);
 
-	/* ec diffie hellman */
-	lib->crypto->add_dh(lib->crypto, ECP_192_BIT,
-						(dh_constructor_t)openssl_ec_diffie_hellman_create);
-	lib->crypto->add_dh(lib->crypto, ECP_224_BIT,
-						(dh_constructor_t)openssl_ec_diffie_hellman_create);
+	/* (ec) diffie hellman */
+	lib->crypto->add_dh(lib->crypto, MODP_2048_BIT,
+						(dh_constructor_t)openssl_diffie_hellman_create);
+	lib->crypto->add_dh(lib->crypto, MODP_1536_BIT,
+						(dh_constructor_t)openssl_diffie_hellman_create);
 	lib->crypto->add_dh(lib->crypto, ECP_256_BIT,
 						(dh_constructor_t)openssl_ec_diffie_hellman_create);
 	lib->crypto->add_dh(lib->crypto, ECP_384_BIT,
 						(dh_constructor_t)openssl_ec_diffie_hellman_create);
 	lib->crypto->add_dh(lib->crypto, ECP_521_BIT,
 						(dh_constructor_t)openssl_ec_diffie_hellman_create);
-
-	/* diffie hellman */
-	lib->crypto->add_dh(lib->crypto, MODP_2048_BIT,
-						(dh_constructor_t)openssl_diffie_hellman_create);
-	lib->crypto->add_dh(lib->crypto, MODP_1536_BIT,
-						(dh_constructor_t)openssl_diffie_hellman_create);
+	lib->crypto->add_dh(lib->crypto, ECP_224_BIT,
+						(dh_constructor_t)openssl_ec_diffie_hellman_create);
+	lib->crypto->add_dh(lib->crypto, ECP_192_BIT,
+						(dh_constructor_t)openssl_ec_diffie_hellman_create);
 	lib->crypto->add_dh(lib->crypto, MODP_3072_BIT,
 						(dh_constructor_t)openssl_diffie_hellman_create);
 	lib->crypto->add_dh(lib->crypto, MODP_4096_BIT,