)]}'
{
  "commit": "0bdd56f02e17a358f87a78888cd7c6cdbc330cf1",
  "tree": "1425d41cbeda7c0586a9354649524350bf8b36f1",
  "parents": [
    "6158bf197ee23dc08f2ca152ca39ad25cbc9207c"
  ],
  "author": {
    "name": "Maxim Dounin",
    "email": "mdounin@mdounin.ru",
    "time": "Thu May 19 14:46:32 2016 +0300"
  },
  "committer": {
    "name": "Maxim Dounin",
    "email": "mdounin@mdounin.ru",
    "time": "Thu May 19 14:46:32 2016 +0300"
  },
  "message": "SSL: removed default DH parameters.\n\nUsing the same DH parameters on multiple servers is believed to be subject\nto precomputation attacks, see http://weakdh.org/.  Additionally, 1024 bits\nare not enough in the modern world as well.  Let users provide their own\nDH parameters with the ssl_dhparam directive if they want to use EDH ciphers.\n\nNote that SSL_CTX_set_dh_auto() as provided by OpenSSL 1.1.0 uses fixed\nDH parameters from RFC 5114 and RFC 3526, and therefore subject to the same\nprecomputation attacks.  We avoid using it as well.\n\nThis change also fixes compilation with OpenSSL 1.1.0-pre5 (aka Beta 2),\nas OpenSSL developers changed their policy after releasing Beta 1 and\nbroke API once again by making the DH struct opaque (see ticket #860).\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "96c059be90772d230b4928983b2775493c3a1d71",
      "old_mode": 33188,
      "old_path": "src/event/ngx_event_openssl.c",
      "new_id": "810c46995c38f94142e729d5d748319772c2d816",
      "new_mode": 33188,
      "new_path": "src/event/ngx_event_openssl.c"
    }
  ]
}