ssl: use 2048-bit group in the default tmp_dh_cb

The 'keylen' parameter of the tmp_dh_callback is only meaningful when
'is_export' is non-zero. Ignore them and just return the default
2048-bit DH group.

Author: rhenium

lib/openssl/ssl.rb

@@ -30,15 +30,6 @@ class SSLContext
       }
 
       if defined?(OpenSSL::PKey::DH)
-        DEFAULT_1024 = OpenSSL::PKey::DH.new <<-_end_of_pem_
------BEGIN DH PARAMETERS-----
-MIGHAoGBAJ0lOVy0VIr/JebWn0zDwY2h+rqITFOpdNr6ugsgvkDXuucdcChhYExJ
-AV/ZD2AWPbrTqV76mGRgJg4EddgT1zG0jq3rnFdMj2XzkBYx3BVvfR0Arnby0RHR
-T4h7KZ/2zmjvV+eF8kBUHBJAojUlzxKj4QeO2x20FP9X5xmNUXeDAgEC
------END DH PARAMETERS-----
-        _end_of_pem_
-        private_constant :DEFAULT_1024
-
         DEFAULT_2048 = OpenSSL::PKey::DH.new <<-_end_of_pem_
 -----BEGIN DH PARAMETERS-----
 MIIBCAKCAQEA7E6kBrYiyvmKAMzQ7i8WvwVk9Y/+f8S7sCTN712KkK3cqd1jhJDY
@@ -53,11 +44,7 @@ class SSLContext
 
         DEFAULT_TMP_DH_CALLBACK = lambda { |ctx, is_export, keylen| # :nodoc:
           warn "using default DH parameters." if $VERBOSE
-          case keylen
-          when 1024 then DEFAULT_1024
-          when 2048 then DEFAULT_2048
-          else nil
-          end
+          DEFAULT_2048
         }
       end