From f99bc98800c0b6ba678da5e800adf71aaa401cca Mon Sep 17 00:00:00 2001
From: Johanna Amann
Date: Mon, 17 Nov 2014 09:51:47 -0800
Subject: [PATCH] for dh key exchanges, use p as the parameter for weak key exchanges. Y can be a few bytes smaller due to the modulo operation - this is ok.
---
 scripts/policy/protocols/ssl/weak-keys.bro | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/policy/protocols/ssl/weak-keys.bro b/scripts/policy/protocols/ssl/weak-keys.bro
index e849c3c06c..82cc3a2b5f 100644
--- a/scripts/policy/protocols/ssl/weak-keys.bro
+++ b/scripts/policy/protocols/ssl/weak-keys.bro
@@ -65,7 +65,7 @@ event ssl_dh_server_params(c: connection, p: string, q: string, Ys: string) &pri
 if ( ! addr_matches_host(c$id$resp_h, notify_weak_keys) )
 return;
- local key_length = |Ys| * 8; # key length in bits
+ local key_length = |p| * 8; # length of the used prime number in bits
 if ( key_length < notify_minimal_key_length )
 NOTICE([$note=Weak_Key,
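Review bot: The new measure `|p| * 8` counts the bytes of p as delivered rather than the bit length of the prime, so a p that carries leading zero bytes would be reported as longer than it really is and could pass the `notify_minimal_key_length` check without raising Weak_Key. Whether the string handed to ssl_dh_server_params can be zero-padded is not visible from this hunk and should be confirmed against the analyzer; if it can, the padding needs to be stripped before the length is taken. At minimum the line should state the assumption, e.g. `# |p| is the byte length as sent; assumes p has no leading zero bytes`. The variable is still named `key_length` although it now holds the modulus size, and the NOTICE call that uses it continues outside the hunk, so its message wording is worth checking as well.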