diff options
author | Daiki Ueno <ueno@gnu.org> | 2020-06-26 10:21:26 +0200 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2020-06-27 12:57:09 +0200 |
commit | 3f4532862bf9140976d970ab14e102cede61d1c7 (patch) | |
tree | e7f66327cb9a9dd1463b24a3446cb673b14a6a1f /doc/credentials/dhparams/rfc7919-ffdhe4096.pem | |
parent | 481e48f3236be42ff1fcb96f96c4efcbb2b69242 (diff) | |
download | gnutls-3f4532862bf9140976d970ab14e102cede61d1c7.tar.gz |
dhe: check if DH params in SKE match the FIPS approved algorithmstmp-sp800-56ar3
SP800-56A rev. 3 restricts the FIPS compliant clients to use only
approved DH parameters, defined in RFC 7919 and RFC 3526. This adds a
check in the handling of ServerKeyExchange if DHE is negotiated.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Diffstat (limited to 'doc/credentials/dhparams/rfc7919-ffdhe4096.pem')
-rw-r--r-- | doc/credentials/dhparams/rfc7919-ffdhe4096.pem | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/doc/credentials/dhparams/rfc7919-ffdhe4096.pem b/doc/credentials/dhparams/rfc7919-ffdhe4096.pem new file mode 100644 index 0000000000..ad9f68b1e2 --- /dev/null +++ b/doc/credentials/dhparams/rfc7919-ffdhe4096.pem @@ -0,0 +1,14 @@ +-----BEGIN DH PARAMETERS----- +MIICCAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz ++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a +87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7 +YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi +7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD +ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3 +7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32 +nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e +8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx +iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K +zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CAQI= +-----END DH PARAMETERS----- + |