51 lines
1.4 KiB
Diff
51 lines
1.4 KiB
Diff
From: Ludovic Poujol <lpoujol@evolix.fr>
|
|
Date: Thu, 1 Feb 2024 12:58:05 +0100
|
|
Subject: Change dhparam from 512bits to 2048bits to make newer nrpe-clients
|
|
happy
|
|
|
|
---
|
|
configure | 2 +-
|
|
configure.in | 2 +-
|
|
src/nrpe.c | 2 +-
|
|
3 files changed, 3 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/configure b/configure
|
|
index 6b9795c..001f22d 100755
|
|
--- a/configure
|
|
+++ b/configure
|
|
@@ -6745,7 +6745,7 @@ _ACEOF
|
|
sslbin=$ssldir/bin/openssl
|
|
fi
|
|
# awk to strip off meta data at bottom of dhparam output
|
|
- $sslbin dhparam -C 512 | awk '/^-----/ {exit} {print}' > include/dh.h
|
|
+ $sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h
|
|
fi
|
|
fi
|
|
|
|
diff --git a/configure.in b/configure.in
|
|
index 0453f69..74aa81c 100644
|
|
--- a/configure.in
|
|
+++ b/configure.in
|
|
@@ -340,7 +340,7 @@ if test x$check_for_ssl = xyes; then
|
|
sslbin=$ssldir/bin/openssl
|
|
fi
|
|
# awk to strip off meta data at bottom of dhparam output
|
|
- $sslbin dhparam -C 512 | awk '/^-----/ {exit} {print}' > include/dh.h
|
|
+ $sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h
|
|
fi
|
|
fi
|
|
|
|
diff --git a/src/nrpe.c b/src/nrpe.c
|
|
index e152118..e1f242c 100644
|
|
--- a/src/nrpe.c
|
|
+++ b/src/nrpe.c
|
|
@@ -266,7 +266,7 @@ int main(int argc, char **argv){
|
|
|
|
/* use anonymous DH ciphers */
|
|
SSL_CTX_set_cipher_list(ctx,"ADH");
|
|
- dh=get_dh512();
|
|
+ dh=get_dh2048();
|
|
SSL_CTX_set_tmp_dh(ctx,dh);
|
|
DH_free(dh);
|
|
if(debug==TRUE)
|