author | Jack Lloyd <[email protected]> | 2015-11-13 14:19:49 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2015-11-13 14:19:49 -0500 |
commit | 71a932d8cd3a10870905c824c202f0f003066056 (patch) | |
tree | c515b42422dce7cbc95253bdd2c2eb81204062b5 /src/lib | |
parent | 17a9739602a14663adc0186093517a3874f6f098 (diff) |
Drop the DH group check to a weaker version of the checks
since the primality tests are expensive in CPU time.
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/tls/msg_client_kex.cpp | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/lib/tls/msg_client_kex.cpp b/src/lib/tls/msg_client_kex.cpp
index c5b9305c7..7ce9b9df2 100644
--- a/src/lib/tls/msg_client_kex.cpp
+++ b/src/lib/tls/msg_client_kex.cpp
@@ -106,8 +106,9 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io,
 DL_Group group(p, g);
- if(!group.verify_group(rng, true))
- throw Internal_Error("DH group failed validation, possible attack");
+ if(!group.verify_group(rng, false))
+ throw TLS_Exception(Alert::INSUFFICIENT_SECURITY,
+ "DH group validation failed");
 DH_PublicKey counterparty_key(group, Y); |
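Review bot: The bare `false` passed to `verify_group` in the new `if` hides that the client now accepts a peer-chosen group after only the weaker check, and nothing at the call site records what that check still guarantees. Since `p` and `g` are not generated locally, a comment above the call should state the trade-off, for example `// strong=false: cheaper validation of the peer-supplied group; the primality testing is weakened to bound handshake CPU cost`. What the weak mode actually skips is defined in `DL_Group::verify_group`, which is not visible in this hunk, so the wording should be confirmed against it. The constructor body starts and ends outside the hunk, so whether a minimum size for `p` is enforced before this point cannot be seen from here.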