-rw-r--r-- | lib/freebl/blapit.h | 3 | ||||
-rw-r--r-- | lib/ssl/ssl3con.c | 4 |
2 files changed, 5 insertions, 2 deletions
diff --git a/lib/freebl/blapit.h b/lib/freebl/blapit.h
index 7bad59d41..a43edef5b 100644
--- a/lib/freebl/blapit.h
+++ b/lib/freebl/blapit.h
@@ -141,6 +141,9 @@ typedef int __BLAPI_DEPRECATED __attribute__((deprecated));
 #define RSA_MIN_MODULUS_BITS 512
 #define RSA_MAX_MODULUS_BITS 16384
 #define RSA_MAX_EXPONENT_BITS 64
+/* 1023 to avoid cases where p = 2q+1 for a 512-bit q turns out to be
+ * only 1023 bits and similar. We don't have good data on whether this
+ * happens because NSS used to count bit lengths incorrectly. */
 #define DH_MIN_P_BITS 1023
 #define DH_MAX_P_BITS 16384
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
index fa18667c9..8f67aeebb 100644
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -10050,8 +10050,8 @@ ssl3_AuthCertificate(sslSocket *ss)
     KeyType pubKeyType = SECKEY_GetPublicKeyType(pubKey);
     /* Too small: not good enough. Send a fatal alert. */
     /* TODO: Use 1023 for RSA because a higher RSA_MIN_MODULUS_BITS
-     * breaks export cipher suites; when those are removed, increase
-     * RSA_MIN_MODULUS_BITS and use that here. */
+     * breaks export cipher suites, not 1024 to be conservative; when
+     * export removed, increase RSA_MIN_MODULUS_BITS and use that. */
     /* We aren't checking EC here on the understanding that we only
      * support curves we like, a decision that might need revisiting. */
     if (((pubKeyType == rsaKey || pubKeyType == rsaPssKey ||
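Review bot: The last sentence of the comment added above `DH_MIN_P_BITS` is ambiguous: "We don't have good data on whether this happens because NSS used to count bit lengths incorrectly" can be read either as the reason the data is missing or as the cause of the 1023-bit primes, and "and similar" leaves the reader guessing which other cases are meant. Since this constant is the floor every DH public value is checked against, the justification should be unambiguous; I would write it as `/* 1023, not 1024: a safe prime p = 2q+1 built from a 512-bit q can come`, ` * out at 1023 bits. Older NSS miscounted bit lengths, so we lack good`, ` * data on how often such primes occur in the wild. */`. It may also be worth a sentence noting that a 1023-bit p is accepted here only for compatibility, since groups at roughly this size are widely regarded as the weakest still in use, though that judgement is mine rather than anything this hunk states.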
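Review bot: The rewritten TODO in ssl3_AuthCertificate reads worse than the text it replaces: "not 1024 to be conservative" dangles after "export cipher suites" as if it qualified the suites, and "when export removed" is missing its verb and subject. The intent, as far as the two new lines show it, is that 1023 is chosen over 1024 as the conservative bound and that the proper fix is raising RSA_MIN_MODULUS_BITS once export suites are gone; I would phrase it as `/* TODO: Use 1023 for RSA (not 1024, to be conservative) because a higher`, ` * RSA_MIN_MODULUS_BITS breaks export cipher suites; once those are`, ` * removed, increase RSA_MIN_MODULUS_BITS and use that here. */`. The check itself, and the rest of ssl3_AuthCertificate, continue outside this hunk, so I cannot confirm from here that the RSA comparison actually uses 1023 as the comment says.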