From 74c5e92628ae71b988a81301ffbf683e9c8315c2 Mon Sep 17 00:00:00 2001 From: Florent Daigniere Date: Tue, 24 May 2022 17:39:54 +0200 Subject: [PATCH] Switch to ffdhe3072 to enable RFC 7919 The idea being: - it's a "nothing up my sleeves" group - it may help shave off some bytes of the SSL handshake; That being said, I doubt that clients that are modern enough to support this RFC won't offer an EC kex https://raw.githubusercontent.com/internetstandards/dhe_groups/master/ffdhe3072.pem --- core/nginx/conf/dhparam.pem | 18 +++++++++--------- towncrier/newsfragments/2357.misc | 1 + 2 files changed, 10 insertions(+), 9 deletions(-) create mode 100644 towncrier/newsfragments/2357.misc diff --git a/core/nginx/conf/dhparam.pem b/core/nginx/conf/dhparam.pem index 4f25f663..fb31ccda 100644 --- a/core/nginx/conf/dhparam.pem +++ b/core/nginx/conf/dhparam.pem @@ -1,11 +1,11 @@ -----BEGIN DH PARAMETERS----- -MIIBiAKCAYEAtQlUSOKGjpdXJ154qmMEa1pEs+9CdSxWiZFkiXBJb0lTafOh8cfF -2IkcWSwzxWwjW4Ad26UQQFh1poGf2QBzVk2vuKCekYzPAs/WqH8VwiXBiWR5R9lh -v/+CkEBYuQOzAhXLN6ZGdPPa2sjdI49rlaIqyLJE4D0TI/VHYmC/vEwqkJUgaGrS -19LhHZimnmouvrnyBPyf00czXlMow0RnmYeHVZ7W5hu7t9TH9o3QAN/GKiFfxFj+ -RkdLM7beQdS0He5YeTaElM5l1YT5d5gHFbOzEQyKHd10ux+bgVcgUeVbBnI1SAIC -w53yc1PkDAiRijSP5j5aWq1djtJPheS13o35HyIf0cHzkNYhKfX5JWPj/cbgdM+C -FL1bnRc8sL5oxmkDoGJhiNZIf4n2WtS8Zu28gUgat6S+vCm/4yavIc/T1g6UiNKE -X41HPbsma/QWUwOL6S+b2qr+7rKqjI5TzVek8vBMellEV4mBvfQU3NDSQ4WvxbTq -ZEOgLPA178nrAgEC +MIIBiAKCAYEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz ++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a +87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7 +YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi +7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD +ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3 +7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32 +nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZsYu +N///////////AgEC -----END DH PARAMETERS----- diff --git a/towncrier/newsfragments/2357.misc b/towncrier/newsfragments/2357.misc new file mode 100644 index 00000000..2b64501d --- /dev/null +++ b/towncrier/newsfragments/2357.misc @@ -0,0 +1 @@ +Switch to ffdhe3072, the "nothing up my sleeves" group defined in RFC 7919.