From 7af3b108ac0e198acb9ce2df5670b8a7f7d1f652 Mon Sep 17 00:00:00 2001
From: Peter Dettman <peter.dettman@bouncycastle.org>
Date: Wed, 22 Mar 2017 22:13:26 +1030
Subject: Change TLS server default DH parameters to 2048-bit group from RFC
 3526

---
 crypto/src/crypto/tls/DefaultTlsServer.cs | 2 +-
 crypto/src/crypto/tls/PskTlsServer.cs     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'crypto')

diff --git a/crypto/src/crypto/tls/DefaultTlsServer.cs b/crypto/src/crypto/tls/DefaultTlsServer.cs
index 44ceb30e3..87d0539b3 100644
--- a/crypto/src/crypto/tls/DefaultTlsServer.cs
+++ b/crypto/src/crypto/tls/DefaultTlsServer.cs
@@ -42,7 +42,7 @@ namespace Org.BouncyCastle.Crypto.Tls
 
         protected virtual DHParameters GetDHParameters()
         {
-            return DHStandardGroups.rfc5114_2048_256;
+            return DHStandardGroups.rfc3526_2048;
         }
 
         protected override int[] GetCipherSuites()
diff --git a/crypto/src/crypto/tls/PskTlsServer.cs b/crypto/src/crypto/tls/PskTlsServer.cs
index 85f3055fb..d6f54db1f 100644
--- a/crypto/src/crypto/tls/PskTlsServer.cs
+++ b/crypto/src/crypto/tls/PskTlsServer.cs
@@ -28,7 +28,7 @@ namespace Org.BouncyCastle.Crypto.Tls
 
         protected virtual DHParameters GetDHParameters()
         {
-            return DHStandardGroups.rfc5114_2048_256;
+            return DHStandardGroups.rfc3526_2048;
         }
 
         protected override int[] GetCipherSuites()
-- 
cgit 1.4.1