[exim-dev] [Bug 1656] Increase minimum size of DH

Author: admin
Date:
To: exim-dev
Subject: [exim-dev] [Bug 1656] Increase minimum size of DH
https://bugs.exim.org/show_bug.cgi?id=1656

--- Comment #3 from Phil Pennock <pdp@???> ---
Oh, "lowers security" statement: that was a little strong and belonged to an
earlier draft response. It's still true though.

When DH size parameters are unacceptable, TLS negotiation fails hard (without
some very new extensions). When TLS negotiation in SMTP fails, many clients
fall back to cleartext. Making TLS fail unless it's "good enough" but causing
clients to use plaintext counts as a lowering of security.

If an administrator wants to bound to 1024 to work with those clients, that's
their call to make.

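A defender-side check for the fallback described in comment #3, as an added example that is not part of the original message or of Exim's code: it scans Exim mainlog arrival (`<=`) lines and reports peers that previously delivered over TLS and later delivered in cleartext, for instance after the server's DH parameters were changed. It assumes the default log format, in which TLS sessions carry an `X=` field; the log lines, addresses and message IDs are constructed.

```python
import re

# Constructed sample lines in Exim's default mainlog arrival ("<=") format.
SAMPLE_LOG = """\
2015-07-01 10:00:01 1ZAaaa-0000aa-01 <= a@example.org H=mx1.example.org [192.0.2.10] P=esmtps X=TLSv1.2:DHE-RSA-AES256-SHA:256 S=2100
2015-07-01 10:05:12 1ZAaab-0000ab-02 <= b@example.net H=out.example.net [198.51.100.7] P=esmtps X=TLSv1:DHE-RSA-AES128-SHA:128 S=1800
2015-07-02 09:00:44 1ZAaac-0000ac-03 <= a@example.org H=mx1.example.org [192.0.2.10] P=esmtps X=TLSv1.2:DHE-RSA-AES256-SHA:256 S=2500
2015-07-02 09:30:09 1ZAaad-0000ad-04 <= b@example.net H=out.example.net [198.51.100.7] P=esmtp S=1750
2015-07-02 11:15:30 1ZAaae-0000ae-05 <= c@example.com H=relay.example.com [203.0.113.5] P=esmtp S=900
"""

# Timestamp, message id, "<=", sender, then the peer address in brackets.
ARRIVAL = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ <= \S+ .*?\[([0-9A-Fa-f.:]+)\]"
)
# Assumption: the TLS cipher is logged as X=..., as in the default log format.
X_FIELD = re.compile(r" X=\S+")


def find_downgrades(log_text):
    """Return {peer_ip: (last_tls_time, first_cleartext_time)} for peers that
    delivered over TLS and afterwards delivered without it."""
    last_tls = {}
    downgrades = {}
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m:
            continue  # not a remote arrival line (local submission, delivery, ...)
        ts, ip = m.group(1), m.group(2)
        if X_FIELD.search(line):
            last_tls[ip] = ts
            downgrades.pop(ip, None)  # peer is negotiating TLS again
        elif ip in last_tls and ip not in downgrades:
            downgrades[ip] = (last_tls[ip], ts)
    return downgrades


if __name__ == "__main__":
    for ip, (tls_ts, clear_ts) in sorted(find_downgrades(SAMPLE_LOG).items()):
        print(f"{ip}: last TLS {tls_ts}, first cleartext {clear_ts}")
```

Peers that never negotiated TLS (203.0.113.5 in the sample) are not reported, since they did not fall back from anything.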