aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2015-11-13 14:19:49 -0500
committerJack Lloyd <[email protected]>2015-11-13 14:19:49 -0500
commit71a932d8cd3a10870905c824c202f0f003066056 (patch)
treec515b42422dce7cbc95253bdd2c2eb81204062b5 /src/lib
parent17a9739602a14663adc0186093517a3874f6f098 (diff)
Drop the DH group check to a weaker version of the checks
since the primality tests are expensive in CPU time.
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/tls/msg_client_kex.cpp5
1 files changed, 3 insertions, 2 deletions
diff --git a/src/lib/tls/msg_client_kex.cpp b/src/lib/tls/msg_client_kex.cpp
index c5b9305c7..7ce9b9df2 100644
--- a/src/lib/tls/msg_client_kex.cpp
+++ b/src/lib/tls/msg_client_kex.cpp
@@ -106,8 +106,9 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io,
DL_Group group(p, g);
- if(!group.verify_group(rng, true))
- throw Internal_Error("DH group failed validation, possible attack");
+ if(!group.verify_group(rng, false))
+ throw TLS_Exception(Alert::INSUFFICIENT_SECURITY,
+ "DH group validation failed");
DH_PublicKey counterparty_key(group, Y);