[Python-checkins] cpython (2.7): replace 512 bit dh key with a 2014 bit one (closes #23844)

benjamin.peterson python-checkins at python.org
Thu Apr 2 06:08:23 CEST 2015


https://hg.python.org/cpython/rev/4f2391e86643
changeset:   95365:4f2391e86643
branch:      2.7
parent:      95353:5d88f6531872
user:        Benjamin Peterson <benjamin at python.org>
date:        Thu Apr 02 00:04:06 2015 -0400
summary:
  replace 512 bit dh key with a 2014 bit one (closes #23844)

Patch by Cédric Krier.

files:
  Lib/test/dh1024.pem  |  7 +++++++
  Lib/test/dh512.pem   |  9 ---------
  Lib/test/test_ssl.py |  2 +-
  3 files changed, 8 insertions(+), 10 deletions(-)


diff --git a/Lib/test/dh1024.pem b/Lib/test/dh1024.pem
new file mode 100644
--- /dev/null
+++ b/Lib/test/dh1024.pem
@@ -0,0 +1,7 @@
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAIbzw1s9CT8SV5yv6L7esdAdZYZjPi3qWFs61CYTFFQnf2s/d09NYaJt
+rrvJhIzWavqnue71qXCf83/J3nz3FEwUU/L0mGyheVbsSHiI64wUo3u50wK5Igo0
+RNs/LD0irs7m0icZ//hijafTU+JOBiuA8zMI+oZfU7BGuc9XrUprAgEC
+-----END DH PARAMETERS-----
+
+Generated with: openssl dhparam -out dh1024.pem  1024
diff --git a/Lib/test/dh512.pem b/Lib/test/dh512.pem
deleted file mode 100644
--- a/Lib/test/dh512.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN DH PARAMETERS-----
-MEYCQQD1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWak
-XUGfnHy9iUsiGSa6q6Jew1XpKgVfAgEC
------END DH PARAMETERS-----
-
-These are the 512 bit DH parameters from "Assigned Number for SKIP Protocols"
-(http://www.skip-vpn.org/spec/numbers.html).
-See there for how they were generated.
-Note that g is not a generator, but this is not a problem since p is a safe prime.
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -66,7 +66,7 @@
 NOKIACERT = data_file("nokia.pem")
 NULLBYTECERT = data_file("nullbytecert.pem")
 
-DHFILE = data_file("dh512.pem")
+DHFILE = data_file("dh1024.pem")
 BYTES_DHFILE = DHFILE.encode(sys.getfilesystemencoding())
 
 

-- 
Repository URL: https://hg.python.org/cpython


More information about the Python-checkins mailing list