diff options
| author | lloyd <[email protected]> | 2012-06-25 17:21:21 +0000 |
|---|---|---|
| committer | lloyd <[email protected]> | 2012-06-25 17:21:21 +0000 |
| commit | 0b817481d04aa9585c056d10ab55d2f2df42816d (patch) | |
| tree | 9ecc697ec6677358ae41094bc8593cd5a42a873e /src/tls/tls_client.cpp | |
| parent | fd289ebe6dd7e4bafd6e5ca1c76d7075960847cc (diff) | |
Add TLS::Policy::minimum_dh_group_size, default 1024. Send an
insufficient_security alert if the server tries to give us a DH group
smaller than that. Also check to make sure the key isn't obviously
bogus (<=1 || >= p-1), though as the key is purely ephemeral it
doesn't seem like a small subgroup attack would provide much advantage
anyway.
Diffstat (limited to 'src/tls/tls_client.cpp')
| -rw-r--r-- | src/tls/tls_client.cpp | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp index 0231b9c53..7dc0c224e 100644 --- a/src/tls/tls_client.cpp +++ b/src/tls/tls_client.cpp @@ -368,6 +368,7 @@ void Client::process_handshake_msg(Handshake_Type type, m_state->client_kex = new Client_Key_Exchange(m_writer, m_state, + m_policy, m_creds, m_peer_certs, m_hostname, |