mirror of https://github.com/coturn/coturn.git synced 2025-10-23 12:00:59 +02:00

Change DH key size default from 1066 to 2066

Mészáros Mihály 2020-04-15 22:07:26 +02:00
parent 4722697645
commit fb8dc8a736
5 changed files with 21 additions and 21 deletions


@ -190,9 +190,9 @@ Flags:
--oauth Support oAuth authentication, as in the third-party STUN/TURN RFC 7635.
--dh566 Use 566 bits predefined DH TLS key. Default size of the key is 1066.
--dh566 Use 566 bits predefined DH TLS key. Default size of the key is 2066.
--dh2066 Use 2066 bits predefined DH TLS key. Default size of the key is 1066.
--dh1066 Use 1066 bits predefined DH TLS key. Default size of the key is 2066.
--no-tlsv1 Do not allow TLSv1/DTLSv1 protocol.
@ -457,7 +457,7 @@ Options with values:
by this option.
--dh-file Use custom DH TLS key, stored in PEM format in the file.
Flags --dh566 and --dh2066 are ignored when the DH key is taken from a file.
Flags --dh566 and --dh1066 are ignored when the DH key is taken from a file.
-l, --log-file Option to set the full path name of the log file.
By default, the turnserver tries to open a log file in


@ -1,5 +1,5 @@
.\" Text automatically generated by txt2man
.TH TURN 1 "12 February 2020" "" ""
.TH TURN 1 "15 April 2020" "" ""
.SH GENERAL INFORMATION
\fIturnadmin\fP is a TURN administration tool. This tool can be used to manage


@ -1,5 +1,5 @@
.\" Text automatically generated by txt2man
.TH TURN 1 "12 February 2020" "" ""
.TH TURN 1 "15 April 2020" "" ""
.SH GENERAL INFORMATION
The \fBTURN Server\fP project contains the source code of a TURN server and TURN client
@ -281,11 +281,11 @@ Support oAuth authentication, as in the third\-party STUN/TURN RFC 7635.
.TP
.B
\fB\-\-dh566\fP
Use 566 bits predefined DH TLS key. Default size of the key is 1066.
Use 566 bits predefined DH TLS key. Default size of the key is 2066.
.TP
.B
\fB\-\-dh2066\fP
Use 2066 bits predefined DH TLS key. Default size of the key is 1066.
\fB\-\-dh1066\fP
Use 1066 bits predefined DH TLS key. Default size of the key is 2066.
.TP
.B
\fB\-\-no\-tlsv1\fP
@ -667,7 +667,7 @@ by this option.
.B
\fB\-\-dh\-file\fP
Use custom DH TLS key, stored in PEM format in the file.
Flags \fB\-\-dh566\fP and \fB\-\-dh2066\fP are ignored when the DH key is taken from a file.
Flags \fB\-\-dh566\fP and \fB\-\-dh1066\fP are ignored when the DH key is taken from a file.
.TP
.B
\fB\-l\fP, \fB\-\-log\-file\fP


@ -1,5 +1,5 @@
.\" Text automatically generated by txt2man
.TH TURN 1 "12 February 2020" "" ""
.TH TURN 1 "15 April 2020" "" ""
.SH GENERAL INFORMATION
A set of turnutils_* programs provides some utility functionality to be used


@ -90,7 +90,7 @@ NULL,
NULL,
#endif
DH_1066, "", "", "",
DH_2066, "", "", "",
"turn_server_cert.pem","turn_server_pkey.pem", "", "",
0,0,0,
#if !TLS_SUPPORTED
@ -555,10 +555,10 @@ static char Usage[] = "Usage: turnserver [options]\n"
" if pre-OpenSSL 1.0.2 is used. With OpenSSL 1.0.2+,\n"
" an optimal curve will be automatically calculated, if not defined\n"
" by this option.\n"
" --dh566 Use 566 bits predefined DH TLS key. Default size of the predefined key is 1066.\n"
" --dh2066 Use 2066 bits predefined DH TLS key. Default size of the predefined key is 1066.\n"
" --dh566 Use 566 bits predefined DH TLS key. Default size of the predefined key is 2066.\n"
" --dh1066 Use 1066 bits predefined DH TLS key. Default size of the predefined key is 2066.\n"
" --dh-file <dh-file-name> Use custom DH TLS key, stored in PEM format in the file.\n"
" Flags --dh566 and --dh2066 are ignored when the DH key is taken from a file.\n"
" Flags --dh566 and --dh1066 are ignored when the DH key is taken from a file.\n"
" --no-tlsv1 Do not allow TLSv1/DTLSv1 protocol.\n"
" --no-tlsv1_1 Do not allow TLSv1.1 protocol.\n"
" --no-tlsv1_2 Do not allow TLSv1.2/DTLSv1.2 protocol.\n"
@ -766,7 +766,7 @@ enum EXTRA_OPTS {
CLI_MAX_SESSIONS_OPT,
EC_CURVE_NAME_OPT,
DH566_OPT,
DH2066_OPT,
DH1066_OPT,
NE_TYPE_OPT,
NO_SSLV2_OPT, /*deprecated*/
NO_SSLV3_OPT, /*deprecated*/
@ -896,7 +896,7 @@ static const struct myoption long_options[] = {
{ "cli-max-output-sessions", required_argument, NULL, CLI_MAX_SESSIONS_OPT },
{ "ec-curve-name", required_argument, NULL, EC_CURVE_NAME_OPT },
{ "dh566", optional_argument, NULL, DH566_OPT },
{ "dh2066", optional_argument, NULL, DH2066_OPT },
{ "dh1066", optional_argument, NULL, DH1066_OPT },
{ "ne", required_argument, NULL, NE_TYPE_OPT },
{ "no-sslv2", optional_argument, NULL, NO_SSLV2_OPT }, /* deprecated */
{ "no-sslv3", optional_argument, NULL, NO_SSLV3_OPT }, /* deprecated */
@ -1162,9 +1162,9 @@ static void set_option(int c, char *value)
if(get_bool_value(value))
turn_params.dh_key_size = DH_566;
break;
case DH2066_OPT:
case DH1066_OPT:
if(get_bool_value(value))
turn_params.dh_key_size = DH_2066;
turn_params.dh_key_size = DH_1066;
break;
case EC_CURVE_NAME_OPT:
STRCPY(turn_params.ec_curve_name,value);
@ -2899,10 +2899,10 @@ static void set_ctx(SSL_CTX** out, const char *protocol, const SSL_METHOD* metho
if(!dh) {
if(turn_params.dh_key_size == DH_566)
dh = get_dh566();
else if(turn_params.dh_key_size == DH_2066)
dh = get_dh2066();
else
else if(turn_params.dh_key_size == DH_1066)
dh = get_dh1066();
else
dh = get_dh2066();
}
/*
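Review bot: The `dh2066` entry is dropped from `long_options` and its case from `set_option`, so a deployment that pinned the strong group with `--dh2066` (or `dh2066` in its config file) now passes an option the parser no longer knows. How unknown options are handled is not visible in these hunks, so I would keep `{ "dh2066", optional_argument, NULL, DH2066_OPT },` as a deprecated alias that leaves the new default in place. Separately, `--dh566` and `--dh1066` still select finite-field DH groups well below the 2048-bit floor commonly recommended for TLS, and `set_option` applies them silently. A warning logged in the `DH566_OPT` and `DH1066_OPT` cases, plus a comment such as `/* weak DH group, kept for legacy clients only */`, would make the downgrade visible to operators. The final `else` in `set_ctx` now falls through to `get_dh2066()`, which is the right fail-safe for an unexpected `dh_key_size`; the bodies of `set_option` and `set_ctx` start and end outside these hunks.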