[exim-dev] [Bug 1902] New: generated DH parameters for Opens…

Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 1902] New: generated DH parameters for Openssl
https://bugs.exim.org/show_bug.cgi?id=1902

            Bug ID: 1902
           Summary: generated DH parameters for Openssl
           Product: Exim
           Version: 4.87
          Hardware: All
                OS: All
            Status: NEW
          Severity: wishlist
          Priority: medium
         Component: TLS
          Assignee: pdp@???
          Reporter: jgh146exb@???
                CC: exim-dev@???


We autogenerate Diffie-Hellman params in the GnuTLS variant,
calling gnutls_dh_params_generate2(). We don't with OpenSSL because it
takes too long; apparently the checking done is more strict and it can take
multiple minutes of CPU.

We should better support systems not wanting to use the "standards" published
primes (which are subject to precomputation-aided attacks), and also those
wanting to periodically roll over their primes. Given the compute cost this
should be done in background for OpenSSL. We might also investigate
better checking on the GnuTLS version.

--
You are receiving this mail because:
You are on the CC list for the bug.
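
An operational stop-gap for the background generation and periodic roll-over the report asks for, as an added example that is not part of the original message or of Exim: generate with `openssl dhparam` at low priority, then swap the file in atomically so a reader never sees a partial file. The path, the 2048-bit default and the function names are assumptions; `tls_dhparam` is the Exim option that can point at such a file.

```shell
#!/bin/sh
# Added example (not Exim code): regenerate DH parameters off the mail path
# and replace the live file atomically.
# Assumptions: DH_FILE is the file your tls_dhparam option names; 2048 bits.

DH_FILE="${DH_FILE:-/etc/exim/dhparams.pem}"   # assumed path
DH_BITS="${DH_BITS:-2048}"                     # assumed size

# Slow step: can burn minutes of CPU, so run it at the lowest priority.
gen_dhparams() {
    nice -n 19 openssl dhparam -out "$1" "$2" 2>/dev/null
}

# Accept only a complete PEM block that OpenSSL can load again.
# (-check additionally asks OpenSSL to test the parameters.)
check_dhparams() {
    grep -q '^-----BEGIN DH PARAMETERS-----$' "$1" &&
    grep -q '^-----END DH PARAMETERS-----$' "$1" &&
    openssl dhparam -in "$1" -check -noout >/dev/null 2>&1
}

# rotate_dhparams TARGET BITS
# Returns 0 after a successful swap, 1 if the old file was left in place.
rotate_dhparams() {
    target=$1
    bits=$2
    dir=$(dirname "$target")
    # Temp file in the same directory, so mv is a same-filesystem rename.
    tmp=$(mktemp "$dir/.dhparams.XXXXXX") || return 1
    if gen_dhparams "$tmp" "$bits" && check_dhparams "$tmp"; then
        # DH parameters are public; mktemp's 0600 would hide them
        # from the unprivileged mail user.
        chmod 0644 "$tmp"
        mv -f "$tmp" "$target" && return 0
    fi
    rm -f "$tmp"      # failed or interrupted run: keep the old parameters
    return 1
}

# From cron, for example weekly:  sh rotate-dh.sh run
if [ "${1:-}" = "run" ]; then
    rotate_dhparams "$DH_FILE" "$DH_BITS"
fi
```

A failed or truncated generation leaves the previous parameters in place, so the job can be killed or rescheduled at any point.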