Remove 512-bit DH group

512-bit DH keys are severely weak and have been implicated in recent attacks: https://weakdh.org/
author: Tony Arcieri <bascule@gmail.com> 2016-01-07 11:02:31 -0800
committer: Tony Arcieri <bascule@gmail.com> 2016-01-07 11:02:31 -0800
commit: 6dee08d14f7a8a51691b799592774e805d6f8707 (patch)
tree: a43722f214101c0ceb9e298ff90068307a2db97e /lib
parent: 962ebf2d17427fb9563f32c96daf4ea881fc9032 (diff)
download: ruby-openssl-6dee08d14f7a8a51691b799592774e805d6f8707.tar.gz
1 files changed, 0 insertions, 8 deletions
diff --git a/lib/openssl/pkey.rb b/lib/openssl/pkey.rb
index 3f65adad..89563b65 100644
--- a/lib/openssl/pkey.rb
+++ b/lib/openssl/pkey.rb
@@ -4,13 +4,6 @@ module OpenSSL
     if defined?(OpenSSL::PKey::DH)
 
     class DH
-      DEFAULT_512 = new <<-_end_of_pem_
------BEGIN DH PARAMETERS-----
-MEYCQQD0zXHljRg/mJ9PYLACLv58Cd8VxBxxY7oEuCeURMiTqEhMym16rhhKgZG2
-zk2O9uUIBIxSj+NKMURHGaFKyIvLAgEC
------END DH PARAMETERS-----
-      _end_of_pem_
-
       DEFAULT_1024 = new <<-_end_of_pem_
 -----BEGIN DH PARAMETERS-----
 MIGHAoGBAJ0lOVy0VIr/JebWn0zDwY2h+rqITFOpdNr6ugsgvkDXuucdcChhYExJ
@@ -23,7 +16,6 @@ T4h7KZ/2zmjvV+eF8kBUHBJAojUlzxKj4QeO2x20FP9X5xmNUXeDAgEC
     DEFAULT_TMP_DH_CALLBACK = lambda { |ctx, is_export, keylen|
       warn "using default DH parameters." if $VERBOSE
       case keylen
-      when 512  then OpenSSL::PKey::DH::DEFAULT_512
       when 1024 then OpenSSL::PKey::DH::DEFAULT_1024
       else
         nil
author	Tony Arcieri <bascule@gmail.com>	2016-01-07 11:02:31 -0800
committer	Tony Arcieri <bascule@gmail.com>	2016-01-07 11:02:31 -0800
commit	6dee08d14f7a8a51691b799592774e805d6f8707 (patch)
tree	a43722f214101c0ceb9e298ff90068307a2db97e /lib
parent	962ebf2d17427fb9563f32c96daf4ea881fc9032 (diff)
download	ruby-openssl-6dee08d14f7a8a51691b799592774e805d6f8707.tar.gz