This repository has been archived by the owner on Apr 22, 2023. It is now read-only.
disable modp1 by default and deprecate modp2 and modp5 in getDiffieHellman #25372
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
thinred
force-pushed
the
fix-issue
branch
2 times, most recently
from
66d5133
to
99adf64
Compare
thinred
changed the title
thinred
force-pushed
the
fix-issue
branch
4 times, most recently
from
b5a8be4
to
8f843dd
Compare
|
I think that since this would apply to 0.10.X stream we'd want a PR for merging the change into v0.10 and then we'd merge into 0.12.X and master. The other question is whether we should add a similar check to crypto.createDiffieHellman(prime_length) as well. ie reject a prime_length smaller than 768 and use the same command line/env variable to allow fallback. Otherwise the change looks good to me. |
|
1st question: Ok, I'll rebase it. Btw, is this code the only user of ENABLE_SMALL_DH_GROUPS now? |
In particular:
- DH groups of size < 1024 are disabled by default
(there is only one such group: modp1)
- a new cmdline switch --enable-small-dh-groups and
SMALL_DH_GROUPS_ENABLE env. variable are introduced;
they override the default setting and therefore enable
modp1 group
- the docs & tests are updated
|
I created a new PR on top of 0.10 in #25564. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #25366 by deprecating modp1, modp2 and modp5 groups in the docs. Some time should be given to the users to update their codebases.