diff --git a/debian/patches/0007-Change-dhparam-from-512bits-to-2048bits-to-make-newe.patch b/debian/patches/0007-Change-dhparam-from-512bits-to-2048bits-to-make-newe.patch new file mode 100644 index 0000000..5448796 --- /dev/null +++ b/debian/patches/0007-Change-dhparam-from-512bits-to-2048bits-to-make-newe.patch @@ -0,0 +1,50 @@ +From: Ludovic Poujol +Date: Thu, 1 Feb 2024 12:58:05 +0100 +Subject: Change dhparam from 512bits to 2048bits to make newer nrpe-clients + happy + +--- + configure | 2 +- + configure.in | 2 +- + src/nrpe.c | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/configure b/configure +index 6b9795c..001f22d 100755 +--- a/configure ++++ b/configure +@@ -6745,7 +6745,7 @@ _ACEOF + sslbin=$ssldir/bin/openssl + fi + # awk to strip off meta data at bottom of dhparam output +- $sslbin dhparam -C 512 | awk '/^-----/ {exit} {print}' > include/dh.h ++ $sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h + fi + fi + +diff --git a/configure.in b/configure.in +index 0453f69..74aa81c 100644 +--- a/configure.in ++++ b/configure.in +@@ -340,7 +340,7 @@ if test x$check_for_ssl = xyes; then + sslbin=$ssldir/bin/openssl + fi + # awk to strip off meta data at bottom of dhparam output +- $sslbin dhparam -C 512 | awk '/^-----/ {exit} {print}' > include/dh.h ++ $sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h + fi + fi + +diff --git a/src/nrpe.c b/src/nrpe.c +index e152118..e1f242c 100644 +--- a/src/nrpe.c ++++ b/src/nrpe.c +@@ -266,7 +266,7 @@ int main(int argc, char **argv){ + + /* use anonymous DH ciphers */ + SSL_CTX_set_cipher_list(ctx,"ADH"); +- dh=get_dh512(); ++ dh=get_dh2048(); + SSL_CTX_set_tmp_dh(ctx,dh); + DH_free(dh); + if(debug==TRUE) diff --git a/debian/patches/series b/debian/patches/series index bb9c4e6..c453189 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -4,3 +4,4 @@ 06_pid_directory.dpatch 07_warn_ssloption.dpatch 09_noremove_pid.dpatch +0007-Change-dhparam-from-512bits-to-2048bits-to-make-newe.patch