diff options
| author | Florian Westphal <fw@strlen.de> | 2011-06-04 22:57:29 +0200 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2011-06-04 22:57:29 +0200 |
| commit | 49b2d0ec98d001fbc8eedd5a183d66974f70fd52 (patch) | |
| tree | 9d5783e7440558ae9d8efc4e2c8780fb08858288 /src | |
| parent | dd7d64f577633d68a11b6dc0e97ec00df0645343 (diff) | |
| download | ngircd-49b2d0ec98d001fbc8eedd5a183d66974f70fd52.tar.gz ngircd-49b2d0ec98d001fbc8eedd5a183d66974f70fd52.zip | |
ssl: gnutls: bump dh bitsize to 2048
problem is that some clients refuse to connect to severs that only offer 1024. For interoperability it would be best to just use 4096, but that takes minutes, even on current hardware.
Diffstat (limited to 'src')
| -rw-r--r-- | src/ngircd/conn-ssl.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/ngircd/conn-ssl.c b/src/ngircd/conn-ssl.c index edcc5bd5..7630420d 100644 --- a/src/ngircd/conn-ssl.c +++ b/src/ngircd/conn-ssl.c @@ -51,7 +51,7 @@ static bool ConnSSL_LoadServerKey_openssl PARAMS(( SSL_CTX *c )); #include <unistd.h> #include <gnutls/x509.h> -#define DH_BITS 1024 +#define DH_BITS 2048 static gnutls_certificate_credentials_t x509_cred; static gnutls_dh_params_t dh_params; |