- Set POLARSSL_DHM_RFC5114_MODP_1024_[PG] as default DHM MODP group for SSL/TLS
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index c460963..1254615 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -759,6 +759,7 @@
/**
* \brief Set the Diffie-Hellman public P and G values,
* read as hexadecimal strings (server-side only)
+ * (Default: POLARSSL_DHM_RFC5114_MODP_1024_[PG])
*
* \param ssl SSL context
* \param dhm_P Diffie-Hellman-Merkle modulus
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 65bd7d4..5ae581f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2848,10 +2848,27 @@
memset( ssl, 0, sizeof( ssl_context ) );
+ /*
+ * Sane defaults
+ */
ssl->rsa_decrypt = ssl_rsa_decrypt;
ssl->rsa_sign = ssl_rsa_sign;
ssl->rsa_key_len = ssl_rsa_key_len;
+#if defined(POLARSSL_DHM_C)
+ if( ( ret = mpi_read_string( &ssl->dhm_P, 16,
+ POLARSSL_DHM_RFC5114_MODP_1024_P) ) != 0 ||
+ ( ret = mpi_read_string( &ssl->dhm_G, 16,
+ POLARSSL_DHM_RFC5114_MODP_1024_G) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "mpi_read_string", ret );
+ return( ret );
+ }
+#endif
+
+ /*
+ * Prepare base structures
+ */
ssl->in_ctr = (unsigned char *) malloc( len );
ssl->in_hdr = ssl->in_ctr + 8;
ssl->in_msg = ssl->in_ctr + 13;
