tls: increase Diffie-Hellman group size to 2048 bits

1024 bits is already the minimum accepted size of current TLS libraries. 2048
is recommended for servers, see https://weakdh.org/

Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Sep  3 03:47:48 CEST 2015 on sn-devel-104

diff --git a/source4/lib/tls/tls.c b/source4/lib/tls/tls.c
index 0d9d3c986de6734e4756a9ab70e3f136933c4bf1..ad8bbd444a420a96e4eef3e2209b5d3fac664abd 100644 (file)
--- a/source4/lib/tls/tls.c
+++ b/source4/lib/tls/tls.c
@@ -31,7 +31,7 @@
 #if ENABLE_GNUTLS
 #include <gnutls/gnutls.h>
 
-#define DH_BITS 1024
+#define DH_BITS 2048
 
 #if defined(HAVE_GNUTLS_DATUM) && !defined(HAVE_GNUTLS_DATUM_T)
 typedef gnutls_datum gnutls_datum_t;

diff --git a/source4/lib/tls/tls_tstream.c b/source4/lib/tls/tls_tstream.c
index 188a3b801bf942b405499d540a2cd7ee463dc7f8..5c3e9f1142eebc479bac4e1127c2df920e01ec36 100644 (file)
--- a/source4/lib/tls/tls_tstream.c
+++ b/source4/lib/tls/tls_tstream.c
@@ -28,7 +28,7 @@
 #if ENABLE_GNUTLS
 #include <gnutls/gnutls.h>
 
-#define DH_BITS 1024
+#define DH_BITS 2048
 
 #if defined(HAVE_GNUTLS_DATUM) && !defined(HAVE_GNUTLS_DATUM_T)
 typedef gnutls_datum gnutls_datum_t;