From ee3d4ef8016c151a0e19dc91bd0445f4aac1e2ef Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 12 Nov 2009 13:10:30 +0000 Subject: Prefer MODP2048/1536 over ECP Diffie-Hellman groups --- src/libstrongswan/plugins/openssl/openssl_plugin.c | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) (limited to 'src/libstrongswan/plugins/openssl/openssl_plugin.c') diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c index a6089c839..7d941348f 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c @@ -256,23 +256,21 @@ plugin_t *plugin_create() lib->crypto->add_hasher(lib->crypto, HASH_SHA512, (hasher_constructor_t)openssl_hasher_create); - /* ec diffie hellman */ - lib->crypto->add_dh(lib->crypto, ECP_192_BIT, - (dh_constructor_t)openssl_ec_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, ECP_224_BIT, - (dh_constructor_t)openssl_ec_diffie_hellman_create); + /* (ec) diffie hellman */ + lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, + (dh_constructor_t)openssl_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, + (dh_constructor_t)openssl_diffie_hellman_create); lib->crypto->add_dh(lib->crypto, ECP_256_BIT, (dh_constructor_t)openssl_ec_diffie_hellman_create); lib->crypto->add_dh(lib->crypto, ECP_384_BIT, (dh_constructor_t)openssl_ec_diffie_hellman_create); lib->crypto->add_dh(lib->crypto, ECP_521_BIT, (dh_constructor_t)openssl_ec_diffie_hellman_create); - - /* diffie hellman */ - lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, - (dh_constructor_t)openssl_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, ECP_224_BIT, + (dh_constructor_t)openssl_ec_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, ECP_192_BIT, + (dh_constructor_t)openssl_ec_diffie_hellman_create); lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, (dh_constructor_t)openssl_diffie_hellman_create); lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, -- cgit v1.2.3