authorAlexander Barton <alex@barton.de>2011-06-28 13:48:33 +0200
committerAlexander Barton <alex@barton.de>2011-06-28 13:48:33 +0200
commit2d35731399890316610e85d7a7aea41529b1fea9 (patch)
tree92c92797710c8810f0e41becccf0e684bfc7a749
parent7ae7ace579915dc023722f733f30e941d371cab3 (diff)
GnuTLS: use 1024 (DH_BITS_MIN) as minimum size of the DH prime
For outgoing connections, we use 2048 (DH_BITS) since commit 49b2d0e.

This patch enables ngIRCd to accept incoming connections from other servers
and clients that use a DH prime of at least 1024 bits; incoming connections
no longer require 2048 bits.

Patch proposed by Florian Westphal.
-rw-r--r--src/ngircd/conn-ssl.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/src/ngircd/conn-ssl.c b/src/ngircd/conn-ssl.c
index 7630420d..ffb1b104 100644
--- a/src/ngircd/conn-ssl.c
+++ b/src/ngircd/conn-ssl.c
@@ -52,9 +52,10 @@ static bool ConnSSL_LoadServerKey_openssl PARAMS(( SSL_CTX *c ));
 #include <gnutls/x509.h>
 
 #define DH_BITS 2048
+#define DH_BITS_MIN 1024
+
 static gnutls_certificate_credentials_t x509_cred;
 static gnutls_dh_params_t dh_params;
-
 static bool ConnSSL_LoadServerKey_gnutls PARAMS(( void ));
 #endif
 
@@ -426,7 +427,7 @@ ConnSSL_Init_SSL(CONNECTION *c)
 		ConnSSL_Free(c);
 		return false;
 	}
-	gnutls_dh_set_prime_bits(c->ssl_state.gnutls_session, DH_BITS);
+	gnutls_dh_set_prime_bits(c->ssl_state.gnutls_session, DH_BITS_MIN);
 #endif
 	Conn_OPTION_ADD(c, CONN_SSL);
 	return true;
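Review bot: Passing `DH_BITS_MIN` to `gnutls_dh_set_prime_bits()` here changes what ngIRCd accepts on every session set up by `ConnSSL_Init_SSL()`, not just incoming ones: in GnuTLS this call sets, for the client side of a handshake, the minimum prime size accepted from the server, so on server links ngIRCd initiates it will now proceed with a peer that offers only a 1024-bit prime even though its own `dh_params` are 2048 bits. That is presumably the intent ("accept ... servers ... that use at least 1024 bits"), but the description reads as if outgoing links keep a 2048-bit requirement, so the commit message or a comment at the call site should say the floor applies in both directions. If a per-direction policy is wanted and `ConnSSL_Init_SSL()` can tell client from server role (its beginning is outside this hunk, so I cannot see whether it can), the value could be chosen by role, e.g. `gnutls_dh_set_prime_bits(c->ssl_state.gnutls_session, outgoing ? DH_BITS : DH_BITS_MIN);`. Longer term the minimum should probably come from the configuration rather than a compile-time constant, since 1024-bit DH is the weakest size GnuTLS will take and operators may need to raise it.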