diff options
author | Daiki Ueno <ueno@gnu.org> | 2020-06-26 10:21:26 +0200 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2020-08-31 08:12:54 +0200 |
commit | 07c80a2d677e9bebeaab0974deca21693fb173f6 (patch) | |
tree | 5649e5379af9508e9738081b3dca24cd2dccb561 /doc/credentials/dhparams/rfc3526-group-15-3072.pem | |
parent | f643e418e5e5220fe2e332c99275808229ce59ae (diff) | |
download | gnutls-07c80a2d677e9bebeaab0974deca21693fb173f6.tar.gz |
dhe: check if DH params in SKE match the FIPS approved algorithms
SP800-56A rev. 3 restricts the FIPS compliant clients to use only
approved DH parameters, defined in RFC 7919 and RFC 3526. This adds a
check in the handling of ServerKeyExchange if DHE is negotiated.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Diffstat (limited to 'doc/credentials/dhparams/rfc3526-group-15-3072.pem')
-rw-r--r-- | doc/credentials/dhparams/rfc3526-group-15-3072.pem | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/doc/credentials/dhparams/rfc3526-group-15-3072.pem b/doc/credentials/dhparams/rfc3526-group-15-3072.pem new file mode 100644 index 0000000000..f27b778200 --- /dev/null +++ b/doc/credentials/dhparams/rfc3526-group-15-3072.pem @@ -0,0 +1,11 @@ +-----BEGIN DH PARAMETERS----- +MIIBiAKCAYEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb +IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft +awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT +mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh +fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq +5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM +fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq +ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqTrS +yv//////////AgEC +-----END DH PARAMETERS----- |