Re: [exim-dev] Remove RSA_EXPORT support

Top Page
Delete this message
Reply to this message
Author: Andreas Metzler
Date:  
To: exim-dev
Subject: Re: [exim-dev] Remove RSA_EXPORT support
On 2006-10-16 Philip Hazel <ph10@???> wrote:
> On Sun, 8 Oct 2006, Marc Haber wrote:


> > Florian Weimer has made a patch removing RSA_EXPORT support from Exim.
> > This patch removes blocking on /dev/random from the DH parameter
> > generation, which is a big source of trouble for the Debian packages.


> This patch is now committed. As Florian promised, it seems to make no
> difference to Exim's actual operation, other than not to waste time
> computing parameters that are never used.


The patch slightly breaks backwards compatibility. Exim is not able
anymore to read old-format (4.50 and earlier) gnutlsparams file. - It
is necessary to remove the old file on upgrades from older versions,
otherwise exim aborts TLS connections with

TLS error on connection from ... (DH params import): Base64 decoding error.

cu andreas
-- 
The 'Galactic Cleaning' policy undertaken by Emperor Zhark is a personal
vision of the emperor's, and its inclusion in this work does not constitute
tacit approval by the author or the publisher for any such projects,
howsoever undertaken.                                (c) Jasper Ffforde