[exim-dev] [Bug 1656] Increase minimum size of DH

Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 1656] Increase minimum size of DH
https://bugs.exim.org/show_bug.cgi?id=1656

--- Comment #3 from Phil Pennock <pdp@???> ---
Oh, "lowers security" statement: that was a little strong and belonged to an
earlier draft response. It's still true though.

When DH size parameters are unacceptable, TLS negotiation fails hard (without
some very new extensions). When TLS negotiation in SMTP fails, many clients
fall back to cleartext. Making TLS fail unless it's "good enough" but causing
clients to use plaintext counts as a lowering of security.

If an administrator wants to bound to 1024 to work with those clients, that's
their call to make.
