[exim-dev] [Bug 1656] New: Increase minimum size of DH

Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 1656] New: Increase minimum size of DH
https://bugs.exim.org/show_bug.cgi?id=1656

            Bug ID: 1656
           Summary: Increase minimum size of DH
           Product: Exim
           Version: 4.85+ HEAD
          Hardware: All
                OS: All
            Status: NEW
          Severity: security
          Priority: medium
         Component: TLS
          Assignee: pdp@???
          Reporter: loganaden@???
                CC: exim-dev@???


Created attachment 823
--> https://bugs.exim.org/attachment.cgi?id=823&action=edit
gnutls_dh_2048

Following the Logjam attack against TLS:

weakdh.org recommends using 2048-bit DH by default as a minimum.

https://weakdh.org/sysadmin.html


OpenSMTPD has made a comment for testing, and then switched to 2048 by default.

(- switched to 2048-bits DH params by default)

https://www.opensmtpd.org/announces/release-5.7.1.txt

Please note that the diff is only honored by GnuTLS.

I'm currently looking at extending it to OpenSSL. Any pointer is much
appreciated.

--
You are receiving this mail because:
You are on the CC list for the bug.