From 87a591bab3f66d305e3f9e1108bd7c57f3301a7a Mon Sep 17 00:00:00 2001
From: Peter Dettman <peter.dettman@bouncycastle.org>
Date: Sun, 13 Aug 2017 12:09:29 +0700
Subject: Use ffdhe2048 from RFC 7919 as TLS default DH group

---
 crypto/src/crypto/tls/DefaultTlsServer.cs | 2 +-
 crypto/src/crypto/tls/PskTlsServer.cs     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'crypto')

diff --git a/crypto/src/crypto/tls/DefaultTlsServer.cs b/crypto/src/crypto/tls/DefaultTlsServer.cs
index 8b9a7c9a0..97eaa079d 100644
--- a/crypto/src/crypto/tls/DefaultTlsServer.cs
+++ b/crypto/src/crypto/tls/DefaultTlsServer.cs
@@ -42,7 +42,7 @@ namespace Org.BouncyCastle.Crypto.Tls
 
         protected virtual DHParameters GetDHParameters()
         {
-            return DHStandardGroups.rfc3526_2048;
+            return DHStandardGroups.rfc7919_ffdhe2048;
         }
 
         protected override int[] GetCipherSuites()
diff --git a/crypto/src/crypto/tls/PskTlsServer.cs b/crypto/src/crypto/tls/PskTlsServer.cs
index d6f54db1f..b0fb67c04 100644
--- a/crypto/src/crypto/tls/PskTlsServer.cs
+++ b/crypto/src/crypto/tls/PskTlsServer.cs
@@ -28,7 +28,7 @@ namespace Org.BouncyCastle.Crypto.Tls
 
         protected virtual DHParameters GetDHParameters()
         {
-            return DHStandardGroups.rfc3526_2048;
+            return DHStandardGroups.rfc7919_ffdhe2048;
         }
 
         protected override int[] GetCipherSuites()
-- 
cgit 1.5.1