[exim-dev] [Bug 1902] New: generated DH parameters for Opens…

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M 
admin at ->
Delete this message
Reply to this message
Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 1902] New: generated DH parameters for Openssl
https://bugs.exim.org/show_bug.cgi?id=1902 

            Bug ID: 1902
           Summary: generated DH parameters for Openssl
           Product: Exim
           Version: 4.87
          Hardware: All
                OS: All
            Status: NEW
          Severity: wishlist
          Priority: medium
         Component: TLS
          Assignee: pdp@???
          Reporter: jgh146exb@???
                CC: exim-dev@???


We autogenerate Diffie-Hellman params in the GnuTLS variant,
calling gnutls_dh_params_generate2(). We don't with OpenSSL because it
takes too long; apparently the checking done is more strict and it can take
multiple minutes of cpu.

We should better support systems not wanting to use the "standards" published
primes (which are subject to precomputation-aided attacks), and also those
wanting to periodically roll-over their primes. Given the compute cost this
should be done in background for OpenSSL. We might also investigate
better checking on the GnuTLS version.

--
You are receiving this mail because:
You are on the CC list for the bug.
This message was posted to the following mailing lists:
Exim-dev
Mailing List Info | Nearby Messages		<-[exim-dev] [Bug 1835] Use after free of FILE *smtp_in, *smtp_out in server process after failed GnuTLS STARTTLS[exim-dev] [Bug 1902] generated DH parameters for Openssl->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)