Loading apps/dh512.pemdeleted 100644 → 0 +0 −9 Original line number Diff line number Diff line -----BEGIN DH PARAMETERS----- MEYCQQD1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWak XUGfnHy9iUsiGSa6q6Jew1XpKgVfAgEC -----END DH PARAMETERS----- These are the 512 bit DH parameters from "Assigned Number for SKIP Protocols" (http://www.skip-vpn.org/spec/numbers.html). See there for how they were generated. Note that g is not a generator, but this is not a problem since p is a safe prime. doc/ssl/SSL_CTX_set_tmp_dh_callback.pod +2 −3 Original line number Diff line number Diff line Loading @@ -83,9 +83,8 @@ which use safe primes and were generated verifiably pseudo-randomly. These files can be converted into C code using the B<-C> option of the L<dhparam(1)|dhparam(1)> application. Generation of custom DH parameters during installation should still be preferred to stop an attacker from specializing on a commonly used group. Files dh1024.pem and dh512.pem contain old parameters that must not be used by applications. attacker from specializing on a commonly used group. File dh1024.pem contains old parameters that must not be used by applications. An application may either directly specify the DH parameters or can supply the DH parameters via a callback function. Loading Loading
apps/dh512.pemdeleted 100644 → 0 +0 −9 Original line number Diff line number Diff line -----BEGIN DH PARAMETERS----- MEYCQQD1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWak XUGfnHy9iUsiGSa6q6Jew1XpKgVfAgEC -----END DH PARAMETERS----- These are the 512 bit DH parameters from "Assigned Number for SKIP Protocols" (http://www.skip-vpn.org/spec/numbers.html). See there for how they were generated. Note that g is not a generator, but this is not a problem since p is a safe prime.
doc/ssl/SSL_CTX_set_tmp_dh_callback.pod +2 −3 Original line number Diff line number Diff line Loading @@ -83,9 +83,8 @@ which use safe primes and were generated verifiably pseudo-randomly. These files can be converted into C code using the B<-C> option of the L<dhparam(1)|dhparam(1)> application. Generation of custom DH parameters during installation should still be preferred to stop an attacker from specializing on a commonly used group. Files dh1024.pem and dh512.pem contain old parameters that must not be used by applications. attacker from specializing on a commonly used group. File dh1024.pem contains old parameters that must not be used by applications. An application may either directly specify the DH parameters or can supply the DH parameters via a callback function. Loading
Rich Salz <rsalz@openssl.org>Rich Salz <rsalz@openssl.org>