client: reject handshakes with DH parameters < 768 bits.

Since the client has no way of communicating her supported parameter range to the server, connections to servers that choose weak DH will simply fail. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
author: Emilia Kasper <emilia@openssl.org> 2015-05-19 12:05:22 +0200
committer: Emilia Kasper <emilia@openssl.org> 2015-05-20 15:01:36 +0200
commit: 63830384e90d9b36d2793d4891501ec024827433 (patch)
tree: da5b03f61bba408107d21065c4cbf78b81187e14 /ssl/ssl.h
parent: ff4de7dde90d15b366abe4664b904f22539969c9 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 62472a1e3c..32e27c6fbf 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -2524,6 +2524,7 @@ void ERR_load_SSL_strings(void);
 # define SSL_R_DATA_LENGTH_TOO_LONG                       146
 # define SSL_R_DECRYPTION_FAILED                          147
 # define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC        281
+# define SSL_R_DH_KEY_TOO_SMALL                           372
 # define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG            148
 # define SSL_R_DIGEST_CHECK_FAILED                        149
 # define SSL_R_DTLS_MESSAGE_TOO_BIG                       334
author	Emilia Kasper <emilia@openssl.org>	2015-05-19 12:05:22 +0200
committer	Emilia Kasper <emilia@openssl.org>	2015-05-20 15:01:36 +0200
commit	63830384e90d9b36d2793d4891501ec024827433 (patch)
tree	da5b03f61bba408107d21065c4cbf78b81187e14 /ssl/ssl.h
parent	ff4de7dde90d15b366abe4664b904f22539969c9 (diff)