Diffie-Hellman parameters fail the OpenSSL check
Bug description
The self check of Diffie-Hellman parameters in gajim data/other/dh4096.pem
using OpenSSL command dhparam fail with error message "the g value is not a generator"
Steps to reproduce
Run the dhparam check on data/other/dh4096.pem
openssl dhparam -check -in dh4096.pem -text
PKCS#3 DH Parameters: (4096 bit)
prime:
00:fa:14:72:52:c1:4d:e1:5a:49:d4:ef:09:2d:c0:
a8:fd:55:ab:d7:d9:37:04:28:09:e2:e9:3e:77:e2:
a1:7a:18:dd:46:a3:43:37:23:90:97:f3:0e:c9:03:
50:7d:65:cf:78:62:a6:3a:62:22:83:a1:2f:fe:79:
ba:35:ff:59:d8:1d:61:dd:1e:21:13:17:fe:cd:38:
87:9e:f5:4f:79:10:61:8d:d4:22:f3:5a:ed:5d:ea:
21:e9:33:6b:48:12:0a:20:77:d4:25:60:61:de:f6:
b4:4f:1c:63:40:8b:3a:21:93:8b:79:53:51:2c:ca:
b3:7b:29:56:a8:c7:f8:f4:7b:08:5e:a6:dc:a2:45:
12:56:dd:41:92:f2:dd:5b:8f:23:f0:f3:ef:e4:3b:
0a:44:dd:ed:96:84:f1:a8:32:46:a3:db:4a:be:3d:
45:ba:4e:f8:03:e5:dd:6b:59:0d:84:1e:ca:16:5a:
8c:c8:df:7c:54:44:c4:27:a7:3b:2a:97:ce:a3:7d:
26:9c:ad:f4:c2:ac:37:4b:c3:ad:68:84:7f:99:a6:
17:ef:6b:46:3a:7a:36:7a:11:43:92:ad:e9:9c:fb:
44:6c:3d:82:49:cc:5c:6a:52:42:f8:42:fb:44:f9:
39:73:fb:60:79:3b:c2:9e:0b:dc:d4:a6:67:f7:66:
3f:fc:42:3b:1b:db:4f:66:dc:a5:8f:66:f9:ea:c1:
ed:31:fb:48:a1:82:7d:f8:e0:cc:b1:c7:03:e4:f8:
b3:fe:b7:a3:13:73:a6:7b:c1:0e:39:c7:94:48:26:
00:85:79:fc:6f:7a:af:c5:52:35:75:d7:75:a4:40:
fa:14:74:61:16:f2:eb:67:11:6f:04:43:3d:11:14:
4c:a7:94:2a:39:a1:c9:90:cf:83:c6:ff:02:8f:a3:
2a:ac:26:df:0b:8b:be:64:4a:f1:a1:dc:ee:ba:c8:
03:82:f6:62:2c:5d:b6:bb:13:19:6e:86:c5:5b:2b:
5e:3a:f3:b3:28:6b:70:71:3a:8e:ff:5c:15:e6:02:
a4:ce:ed:59:56:cc:15:51:07:79:1a:0f:25:26:27:
30:a9:15:b2:c8:d4:5c:cc:30:e8:1b:d8:d5:0f:19:
a8:80:a4:c7:01:aa:8b:ba:53:bb:47:c2:1f:6b:54:
b0:17:60:ed:79:21:95:b6:05:84:37:c8:03:a4:dd:
d1:06:69:8f:4c:39:e0:c8:5d:83:1d:be:6a:9a:99:
f3:9f:0b:45:29:d4:cb:29:66:ee:1e:7e:3d:d7:13:
4e:db:90:90:58:cb:5e:9b:cd:2e:2b:0f:a9:4e:78:
ac:05:11:7f:e3:9e:27:d4:99:e1:b9:bd:78:e1:84:
41:a0:df
generator: 2 (0x2)
the g value is not a generator
-----BEGIN DH PARAMETERS-----
MIICCAKCAgEA+hRyUsFN4VpJ1O8JLcCo/VWr19k3BCgJ4uk+d+KhehjdRqNDNyOQ
l/MOyQNQfWXPeGKmOmIig6Ev/nm6Nf9Z2B1h3R4hExf+zTiHnvVPeRBhjdQi81rt
Xeoh6TNrSBIKIHfUJWBh3va0TxxjQIs6IZOLeVNRLMqzeylWqMf49HsIXqbcokUS
Vt1BkvLdW48j8PPv5DsKRN3tloTxqDJGo9tKvj1Fuk74A+Xda1kNhB7KFlqMyN98
VETEJ6c7KpfOo30mnK30wqw3S8OtaIR/maYX72tGOno2ehFDkq3pnPtEbD2CScxc
alJC+EL7RPk5c/tgeTvCngvc1KZn92Y//EI7G9tPZtylj2b56sHtMftIoYJ9+ODM
sccD5Piz/rejE3Ome8EOOceUSCYAhXn8b3qvxVI1ddd1pED6FHRhFvLrZxFvBEM9
ERRMp5QqOaHJkM+Dxv8Cj6MqrCbfC4u+ZErxodzuusgDgvZiLF22uxMZbobFWyte
OvOzKGtwcTqO/1wV5gKkzu1ZVswVUQd5Gg8lJicwqRWyyNRczDDoG9jVDxmogKTH
AaqLulO7R8Ifa1SwF2DteSGVtgWEN8gDpN3RBmmPTDngyF2DHb5qmpnznwtFKdTL
KWbuHn491xNO25CQWMtem80uKw+pTnisBRF/454n1Jnhub144YRBoN8CAQI=
-----END DH PARAMETERS-----
Fix
Replace DH params with new DH parameters. This parameters have been generated using command
openssl dhparam 4096 -out new_dh4096.pem -text
The new DH paramters:
PKCS#3 DH Parameters: (4096 bit)
prime:
00:f5:10:5d:8d:fb:7d:a5:c7:f2:d9:66:56:5a:0c:
fb:b8:ac:c7:83:43:bc:96:d7:54:d3:8e:4e:e5:a6:
48:91:b9:9f:7b:a7:9c:ea:ca:6e:1a:52:70:0a:90:
3c:16:94:4a:f7:d4:76:25:86:64:3c:3b:89:90:93:
91:dd:8a:27:9b:79:5e:24:1f:19:3b:5b:20:6a:4d:
fa:b5:fd:4a:5e:8b:27:f3:a4:93:b7:08:7c:a6:90:
36:ec:87:71:e1:d6:70:16:7f:30:3c:29:df:71:5a:
82:ab:fe:03:5d:1e:e6:07:79:a2:1c:e3:19:c7:c9:
26:8e:14:4e:f3:a7:68:4d:91:d6:b1:36:1e:8f:57:
a2:a5:b9:3d:95:e9:18:27:32:3b:a2:11:08:4e:72:
e8:89:42:9f:aa:ec:df:83:bd:49:19:c1:8a:17:a7:
6f:5e:57:1c:e2:25:ee:3e:5b:aa:cf:57:ec:b9:ae:
1e:63:fb:66:90:f9:6f:aa:86:17:b2:6b:50:22:cc:
e4:d9:82:2c:82:4f:24:0c:1b:fd:04:16:dc:14:84:
d7:0c:51:0c:c4:f7:39:42:87:f8:31:34:c7:58:e1:
ef:cb:25:ea:88:d2:6d:77:57:16:92:ba:46:2b:1f:
87:d8:c0:e8:2d:6f:12:b1:fd:ef:fe:80:a3:de:d3:
fe:2d:b3:9a:fa:ba:a6:7b:7f:40:44:af:12:66:98:
a6:8e:40:70:d2:a3:10:70:8b:b1:2d:35:c5:3e:b2:
d3:b3:3c:f3:6b:73:5f:b6:1b:5c:d4:7d:4c:ba:85:
6c:74:94:83:8d:37:bd:e0:56:a3:3d:ec:2c:23:70:
9c:d9:f5:60:4a:1e:a9:b9:2e:92:de:0b:1f:75:b9:
4d:30:d6:11:8d:04:8c:46:bd:cb:19:a8:52:9d:63:
86:ea:ec:7e:d4:d6:ae:de:10:b0:08:e2:19:a5:9b:
37:0d:9b:ab:45:9f:84:15:85:b1:1b:ef:37:0c:c9:
6e:57:18:3b:71:7a:f3:a1:fc:81:4a:16:ff:95:50:
84:45:5c:8a:0a:e1:88:00:94:a4:29:f0:bf:0f:9b:
5c:08:71:c4:07:7e:1e:a7:c6:4c:73:ed:94:12:c9:
4a:f1:d4:96:e1:c4:1c:a8:6d:ff:28:ec:29:b1:5d:
33:5d:f6:97:d3:18:52:f3:ff:79:82:70:20:09:94:
62:0e:25:16:56:c9:09:e8:9c:56:be:a8:38:d0:dd:
9d:04:ae:ed:4f:f1:aa:b1:ac:8f:0d:d0:18:fc:1f:
e5:05:f7:09:ce:e0:fa:bb:10:9f:d7:00:42:32:d8:
34:d5:b5:5e:ee:d8:a9:c5:29:61:1a:00:69:28:1a:
09:6b:8b
generator: 2 (0x2)
-----BEGIN DH PARAMETERS-----
MIICCAKCAgEA9RBdjft9pcfy2WZWWgz7uKzHg0O8ltdU045O5aZIkbmfe6ec6spu
GlJwCpA8FpRK99R2JYZkPDuJkJOR3Yonm3leJB8ZO1sgak36tf1KXosn86STtwh8
ppA27Idx4dZwFn8wPCnfcVqCq/4DXR7mB3miHOMZx8kmjhRO86doTZHWsTYej1ei
pbk9lekYJzI7ohEITnLoiUKfquzfg71JGcGKF6dvXlcc4iXuPluqz1fsua4eY/tm
kPlvqoYXsmtQIszk2YIsgk8kDBv9BBbcFITXDFEMxPc5Qof4MTTHWOHvyyXqiNJt
d1cWkrpGKx+H2MDoLW8Ssf3v/oCj3tP+LbOa+rqme39ARK8SZpimjkBw0qMQcIux
LTXFPrLTszzza3Nfthtc1H1MuoVsdJSDjTe94FajPewsI3Cc2fVgSh6puS6S3gsf
dblNMNYRjQSMRr3LGahSnWOG6ux+1Nau3hCwCOIZpZs3DZurRZ+EFYWxG+83DMlu
Vxg7cXrzofyBShb/lVCERVyKCuGIAJSkKfC/D5tcCHHEB34ep8ZMc+2UEslK8dSW
4cQcqG3/KOwpsV0zXfaX0xhS8/95gnAgCZRiDiUWVskJ6JxWvqg40N2dBK7tT/Gq
sayPDdAY/B/lBfcJzuD6uxCf1wBCMtg01bVe7tipxSlhGgBpKBoJa4sCAQI=
-----END DH PARAMETERS-----