client: reject handshakes with DH parameters < 768 bits.

Since the client has no way of communicating her supported parameter range to the server, connections to servers that choose weak DH will simply fail. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
author: Emilia Kasper <emilia@openssl.org> 2015-05-19 12:05:22 +0200
committer: Emilia Kasper <emilia@openssl.org> 2015-05-20 15:01:36 +0200
commit: 63830384e90d9b36d2793d4891501ec024827433 (patch)
tree: da5b03f61bba408107d21065c4cbf78b81187e14 /CHANGES
parent: ff4de7dde90d15b366abe4664b904f22539969c9 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/CHANGES b/CHANGES
index 11bdbbd692..9d2f9f9fa8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,7 +4,8 @@
 
  Changes between 1.0.1m and 1.0.1n [xx XXX xxxx]
 
-  *)
+  *) Reject DH handshakes with parameters shorter than 768 bits.
+     [Kurt Roeckx and Emilia Kasper]
 
  Changes between 1.0.1l and 1.0.1m [19 Mar 2015]
author	Emilia Kasper <emilia@openssl.org>	2015-05-19 12:05:22 +0200
committer	Emilia Kasper <emilia@openssl.org>	2015-05-20 15:01:36 +0200
commit	63830384e90d9b36d2793d4891501ec024827433 (patch)
tree	da5b03f61bba408107d21065c4cbf78b81187e14 /CHANGES
parent	ff4de7dde90d15b366abe4664b904f22539969c9 (diff)