We have been using as default DH parameters the 1024-bit MODP group. This is now considered insecure, and applications should use the 2048-bit at a minimum [1]. This commit therefore replaces the parameters with the 2048-bit MODP group from [2]. To double check the data, use openssl asn1parse to verify that the prime matches. For instance: 1) put the encoded string in a `encoded.txt` file (c&p from the source, removing the double quotes) 2) put the hexadecimal value of the 2048-bit group in a `reference.txt` file (c&p from [2]) 3) compare the output of openssl asn1parse with the reference. For instance like this: $ diff <(openssl asn1parse < encoded.txt | grep -m 1 INTEGER | perl -pe 's/.*://; s/\n//') <(perl -0777 -pe 's/\s//g' reference.txt) && echo OK OK [1] https://datatracker.ietf.org/doc/html/rfc8247#section-2.4 [2] https://datatracker.ietf.org/doc/html/rfc3526#section-3 [ChangeLog][QtNetwork][QSslDiffieHellmanParameters] The default Diffie-Hellman parameters are now using the 2048-bit MODP group from RFC 3526. Pick-to: 6.6 6.5 6.2 5.15 Change-Id: I47133cd78ba0e954b8f93a3da09fa2c760c9f7a8 Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>