http://bugs.exim.org/show_bug.cgi?id=1415
Summary: Diffie-Hellman parameters
Product: Exim
Version: N/A
Platform: Other
OS/Version: All
Status: NEW
Severity: bug
Priority: medium
Component: TLS
AssignedTo: pdp@???
ReportedBy: fedor.brunner@???
CC: exim-dev@???
Hi,
in Exim configuration files and documentation (in multiple places), you are
assuming that the Mozilla Network Security Services (NSS) library supports a maximum
length of 2236 bits for Diffie-Hellman parameters.
This limitation has already been removed in NSS 3.14:
https://bugzilla.mozilla.org/show_bug.cgi?id=636802
GnuTLS supports up to 15360 bit DH params
OpenSSL supports up to 16384 bit DH params
NSS library supports up to 16384 bit DH params
Please remove the artificial restriction to 2236-bit DH parameters.
Consider also increasing the default DH parameters from 2048 bits to 4096. The
ECRYPT recommendation for DH parameters is 3248 bits for long-term protection.
If you are interested in more technical information about key sizes, I highly
recommend:
http://www.keylength.com/en/compare/
Yearly Report on Algorithms and Keysizes (2012), D.SPA.20 Rev. 1.0,
ICT-2007-216676 ECRYPT II, 09/2012.
Recommendation for Key Management, Special Publication 800-57 Part 1
Rev. 3, NIST, 07/2012