author | René Korthaus <[email protected]> | 2019-11-14 09:14:48 +0100 |
---|---|---|
committer | René Korthaus <[email protected]> | 2019-11-14 09:14:48 +0100 |
commit | ba77c332de3d2b8e6a0fa11b5d725a8db5514e55 (patch) | |
tree | 7ffc1df534db9c0894486f57097eb9ad364eb919 /src | |
parent | 292330e493547a49484b173bb14a674fee88ad2d (diff) |
Remove some FFDHE groups from BSI TLS policy
BSI TR-02102-2 version 2019-01 explicitly lists
the FFDHE groups recommended now. ffdhe6144 and
ffdhe8192 are not listed, so we remove them from
the BSI TLS policy.
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/tls/tls_policy.h | 2 | ||||
-rw-r--r-- | src/tests/data/tls-policy/bsi.txt | 2 |
2 files changed, 1 insertions, 3 deletions
diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h
index b076d5f9d..de3153496 100644
--- a/src/lib/tls/tls_policy.h
+++ b/src/lib/tls/tls_policy.h
@@ -451,8 +451,6 @@ class BOTAN_PUBLIC_API(2,0) BSI_TR_02102_2 : public Policy
 Group_Params::BRAINPOOL256R1,
 Group_Params::SECP384R1,
 Group_Params::SECP256R1,
- Group_Params::FFDHE_8192,
- Group_Params::FFDHE_6144,
 Group_Params::FFDHE_4096,
 Group_Params::FFDHE_3072,
 Group_Params::FFDHE_2048
diff --git a/src/tests/data/tls-policy/bsi.txt b/src/tests/data/tls-policy/bsi.txt
index c62777472..f69e03376 100644
--- a/src/tests/data/tls-policy/bsi.txt
+++ b/src/tests/data/tls-policy/bsi.txt
@@ -9,7 +9,7 @@ signature_hashes = SHA-384 SHA-256
 macs = AEAD SHA-384 SHA-256
 key_exchange_methods = ECDH DH PSK ECDHE_PSK DHE_PSK
 signature_methods = ECDSA RSA DSA
-key_exchange_groups = brainpool512r1 brainpool384r1 brainpool256r1 secp384r1 secp256r1 ffdhe/ietf/8192 ffdhe/ietf/6144 ffdhe/ietf/4096 ffdhe/ietf/3072 ffdhe/ietf/2048
+key_exchange_groups = brainpool512r1 brainpool384r1 brainpool256r1 secp384r1 secp256r1 ffdhe/ietf/4096 ffdhe/ietf/3072 ffdhe/ietf/2048
 minimum_dh_group_size = 2000
 minimum_dsa_group_size = 2000
 minimum_ecdh_group_size = 250 |