Set the min bits of DH key to be 1024.
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
index 08b9988..90b1572 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
@@ -246,7 +246,7 @@
DHPublicKey clientPubKey = null;
try {
- clientPubKey = client.init(DhGroup.MODP_GROUP14);
+ clientPubKey = client.init(DhGroup.MODP_GROUP2);
} catch (Exception e) {
e.printStackTrace();
}
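Review bot: The client's DH group is now hard-coded to `DhGroup.MODP_GROUP2` in the `client.init(...)` call, so every PKINIT request built here offers a 1024-bit modulus, which is below the 2048-bit minimum that current guidance recommends for finite-field Diffie-Hellman. The same downgrade is applied to the `dhMinBits` default in PluginOpts.java, and nothing visible in this hunk ties the constant to that option, so changing the option would presumably not change the group used here. I would keep `clientPubKey = client.init(DhGroup.MODP_GROUP14);` as the default and select `DhGroup.MODP_GROUP2` only when the configured `dhMinBits` is explicitly 1024 for interoperability with a legacy KDC. The enclosing method starts and ends outside the hunk, so how the options object is reached from here needs to be confirmed.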
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PluginOpts.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PluginOpts.java
index 68b3106..dcb55bd 100644
--- a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PluginOpts.java
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PluginOpts.java
@@ -39,8 +39,8 @@
// require CRL for a CA (default is false)
public boolean requireCrlChecking = false;
// the size of the Diffie-Hellman key the client will attempt to use.
- // The acceptable values are 1024, 2048, and 4096. The default is 2048.
- public int dhMinBits = 2048;
+ // The acceptable values are 1024, 2048, and 4096. The default is 1024.
+ public int dhMinBits = 1024;
public AlgorithmIdentifiers createSupportedCMSTypes() {
AlgorithmIdentifiers cmsAlgorithms = new AlgorithmIdentifiers();
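Review bot: The comment above `dhMinBits` only swaps the number and gives no reason for the weaker default, and it describes the field as the size the client "will attempt to use" although the name says it is a minimum. With 1024 as the default that distinction decides whether a deployment that never sets the option ends up accepting 1024-bit keys. I would state the intent next to the field, for example `// Minimum DH modulus size accepted/offered; 1024 is for legacy interoperability only, prefer 2048 or 4096.`, and ideally keep `public int dhMinBits = 2048;` so that 1024 is an explicit opt-in. The field is a public mutable `int` and the hunk shows no check that a configured value is one of 1024, 2048 or 4096; whether that is validated elsewhere is not visible here.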
diff --git a/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/dh/DhKeyAgreementTest.java b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/dh/DhKeyAgreementTest.java
index 5cd6194..91af336 100644
--- a/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/dh/DhKeyAgreementTest.java
+++ b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/dh/DhKeyAgreementTest.java
@@ -118,19 +118,12 @@
Assert.assertTrue(Arrays.equals(clearText, recovered));
}
-
- /**
- * Tests Diffie-Hellman using Oakley 1024-bit Modular Exponential (MODP)
- * well-known group 2 [RFC2412].
- *
- * @throws Exception
- */
@Test
public void testGeneratedDhParams() throws Exception {
DhClient client = new DhClient();
DhServer server = new DhServer();
- DHPublicKey clientPubKey = client.init(DhGroup.MODP_GROUP14);
+ DHPublicKey clientPubKey = client.init(DhGroup.MODP_GROUP2);
DHParameterSpec spec = clientPubKey.getParams();
BigInteger y = clientPubKey.getY();
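Review bot: The deleted Javadoc on `testGeneratedDhParams` described "Oakley 1024-bit Modular Exponential (MODP) well-known group 2 [RFC2412]", which is exactly what the test exercises after the switch to `DhGroup.MODP_GROUP2`, so the comment became correct with this change and should be kept rather than removed. Replacing the group in place also means the 2048-bit group is no longer covered by this test. I would leave this test on group 2 with its Javadoc restored and add a sibling test that starts from `DHPublicKey clientPubKey = client.init(DhGroup.MODP_GROUP14);`, so a regression in the stronger group is still caught. The test body continues past the end of the hunk.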