security: fix DH key generation when FIPS mode is on

When FIPS mode is on, gnutls_dh_params_generate2 will fail if 1024 is specified as the prime's number of bits, a bigger value works in both cases. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2024-07-30 21:47:18 +00:00 · 2014-09-04 10:05:36 +02:00 · 2014-09-04 10:05:36 +02:00 · ab22096710
commit ab22096710
parent 5bb47e0ca7
1 changed files with 1 additions and 1 deletions
--- a/src/rpc/virnettlscontext.c
+++ b/src/rpc/virnettlscontext.c
@ -43,7 +43,7 @@
 #include "virthread.h"
 #include "configmake.h"

-#define DH_BITS 1024
+#define DH_BITS 2048

 #define LIBVIRT_PKI_DIR SYSCONFDIR "/pki"
 #define LIBVIRT_CACERT LIBVIRT_PKI_DIR "/CA/cacert.pem"