# HG changeset patch

# User Benjamin Peterson <benjamin@python.org>

# Date 1427947446 14400

# Node ID 4f2391e866434a94ca6d87dff5ea01fcab91d08a

# Parent  5d88f653187203d85f4cfd4877f093af3919035b

replace 512 bit dh key with a 2014 bit one (closes #23844)

Patch by Cédric Krier.

diff --git a/Lib/test/dh1024.pem b/Lib/test/dh1024.pem

new file mode 100644

--- /dev/null

+++ b/Lib/test/dh1024.pem

@@ -0,0 +1,7 @@

+-----BEGIN DH PARAMETERS-----

+MIGHAoGBAIbzw1s9CT8SV5yv6L7esdAdZYZjPi3qWFs61CYTFFQnf2s/d09NYaJt

+rrvJhIzWavqnue71qXCf83/J3nz3FEwUU/L0mGyheVbsSHiI64wUo3u50wK5Igo0

+RNs/LD0irs7m0icZ//hijafTU+JOBiuA8zMI+oZfU7BGuc9XrUprAgEC

+-----END DH PARAMETERS-----

+

+Generated with: openssl dhparam -out dh1024.pem  1024

diff --git a/Lib/test/dh512.pem b/Lib/test/dh512.pem

deleted file mode 100644

--- a/Lib/test/dh512.pem

+++ /dev/null

@@ -1,9 +0,0 @@

------BEGIN DH PARAMETERS-----

-MEYCQQD1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWak

-XUGfnHy9iUsiGSa6q6Jew1XpKgVfAgEC

------END DH PARAMETERS-----

-

-These are the 512 bit DH parameters from "Assigned Number for SKIP Protocols"

-(http://www.skip-vpn.org/spec/numbers.html).

-See there for how they were generated.

-Note that g is not a generator, but this is not a problem since p is a safe prime.

diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py

--- a/Lib/test/test_ssl.py

+++ b/Lib/test/test_ssl.py

@@ -66,7 +66,7 @@ BADKEY = data_file("badkey.pem")

 NOKIACERT = data_file("nokia.pem")

 NULLBYTECERT = data_file("nullbytecert.pem")

-DHFILE = data_file("dh512.pem")

+DHFILE = data_file("dh1024.pem")

 BYTES_DHFILE = DHFILE.encode(sys.getfilesystemencoding())