diff options
author | Daiki Ueno <ueno@gnu.org> | 2020-06-26 10:21:26 +0200 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2020-08-31 08:12:54 +0200 |
commit | 07c80a2d677e9bebeaab0974deca21693fb173f6 (patch) | |
tree | 5649e5379af9508e9738081b3dca24cd2dccb561 /doc/credentials/dhparams/rfc5114-group-23-2048.pem | |
parent | f643e418e5e5220fe2e332c99275808229ce59ae (diff) | |
download | gnutls-07c80a2d677e9bebeaab0974deca21693fb173f6.tar.gz |
dhe: check if DH params in SKE match the FIPS approved algorithms
SP800-56A rev. 3 restricts the FIPS compliant clients to use only
approved DH parameters, defined in RFC 7919 and RFC 3526. This adds a
check in the handling of ServerKeyExchange if DHE is negotiated.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Diffstat (limited to 'doc/credentials/dhparams/rfc5114-group-23-2048.pem')
-rw-r--r-- | doc/credentials/dhparams/rfc5114-group-23-2048.pem | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/doc/credentials/dhparams/rfc5114-group-23-2048.pem b/doc/credentials/dhparams/rfc5114-group-23-2048.pem new file mode 100644 index 0000000000..d4f360ef20 --- /dev/null +++ b/doc/credentials/dhparams/rfc5114-group-23-2048.pem @@ -0,0 +1,13 @@ +-----BEGIN DH PARAMETERS----- +MIICCgKCAQEArRB+HpEjqdDWYPqnlVnFH6INZOVoO5/RtUsVl7YdCnXm+hQd+VpW +26+aPEB7od8V6z1oijCcGA4d5rhaEnSgpm0/gVKtasISkDfJ7e/aTfjZHo/vVbc5 +S3rVt9C2wSIHyfmNEe002/bGugssi7wnvmoA4KC5xJcIs7+KMXCRiDaBKGEwvImF +2xYC5xRBXZMwJ4Jzx94x79xzEPcSH9WgdBWYfZrcCkhtzfk6zEQyg4cxXXXhmMZB +pIDNhqG55YfovmDmnMkosrnFIXLkEwQumyPxCw4W55djybU9z0uoCinj+3PBa451 +uX7zY+L/ox9xz53lOE5xuBwKxN/+DBDmTwKCAQEArEAy708tmuOd8wtcj/2sUGze +vnuJmYyvdIZqCM/k/+OmgkpOELmm8N2SHwGnDEr6q3OddwDCn1LFfbF8YgqGUr5e +kAGo1mrXwXZpEBmZAkr00CcnWsE0i7inYtBSG8mK4kcVBCLqHtQJk51U2nRgzbX2 +xrJQcXy+8YDrNBGOmNEZUppF1vg0Vm4wJeMWozDvu3eobwwasVsFGuPUKMj4rLcK +gTcVC47rEOGD7dGZY93Z4mPkdwWJ72qiHn9fL/OBtTnM40CdE81Wavu0jWwBkYHh +vP6UswJp7f5y/ptqpL17Wg8ccc//TBnEGOH27AF5gbwIfypwZbOEuJDTGR8r+g== +-----END DH PARAMETERS----- |