https://bugs.exim.org/show_bug.cgi?id=1902
Bug ID: 1902
Summary: generated DH parameters for Openssl
Product: Exim
Version: 4.87
Hardware: All
OS: All
Status: NEW
Severity: wishlist
Priority: medium
Component: TLS
Assignee: pdp@???
Reporter: jgh146exb@???
CC: exim-dev@???
We autogenerate Diffie-Hellman params in the GnuTLS variant, calling gnutls_dh_params_generate2(). We don't with OpenSSL because it takes too long; apparently the checking done is more strict and it can take multiple minutes of CPU.

We should better support systems not wanting to use the "standard" published primes (which are subject to precomputation-aided attacks), and also those wanting to periodically roll over their primes. Given the compute cost this should be done in the background for OpenSSL. We might also investigate better checking on the GnuTLS version.
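As an added illustration, not Exim's code and not part of this report, the following stdlib-only Python sketch shows the three pieces the report is asking for: a safe-prime search (the double primality test is where the minutes of CPU go at real sizes), a DH_check()-style validation pass, and an atomic install step that a background roll-over job could call. Function names, the `dhparams.pem` path and the exact rule set in `check_params` are this example's assumptions, not OpenSSL's or GnuTLS's; the bit sizes used are toy sizes.

```python
"""Added example (not Exim code): generate safe-prime DH parameters, validate them
the way a DH_check()-style routine would, and install them atomically so a
background job can roll them over. Stdlib only; bit sizes shown are toy sizes."""
import base64
import os
import secrets
import tempfile
from dataclasses import dataclass

# Trial division by small primes rejects most candidates before Miller-Rabin runs.
SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47,
                53, 59, 61, 67, 71, 73, 79, 83, 89, 97]


def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin with `rounds` random bases (error probability <= 4**-rounds)."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0                     # write n - 1 = d * 2**s with d odd
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)  # base a in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                # composite witness found
    return True


@dataclass(frozen=True)
class DHParams:
    p: int   # safe prime, p = 2q + 1
    g: int   # generator


def generate_params(bits: int) -> DHParams:
    """Search for a safe prime p = 2q + 1 of exactly `bits` bits with p % 8 == 7,
    so that g = 2 lies in the prime-order-q subgroup (2 is a quadratic residue
    exactly when p is +-1 mod 8). Needing q AND p prime is what makes this slow."""
    while True:
        # q odd with q % 4 == 3 and its top bit set, so p has exactly `bits` bits.
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 3
        if q % 3 != 2:                  # otherwise p = 2q + 1 is divisible by 3
            continue
        p = 2 * q + 1
        if is_probable_prime(q) and is_probable_prime(p):
            return DHParams(p, 2)


def check_params(params: DHParams) -> list[str]:
    """Return the list of problems found (empty means the parameters pass).
    These are the kinds of tests a DH_check()-style routine performs; the exact
    rule set here is this example's, not OpenSSL's."""
    p, g = params.p, params.g
    problems = []
    if p % 2 == 0 or not is_probable_prime(p):
        problems.append("p is not prime")
    q = (p - 1) // 2
    if not is_probable_prime(q):
        problems.append("(p-1)/2 is not prime, so p is not a safe prime")
    if not 1 < g < p - 1:
        problems.append("generator g is outside the range 2..p-2")
    elif pow(g, q, p) != 1:
        # With a safe prime, g then has order 2q and g^x leaks the parity of x
        # through the Legendre symbol; the order-q subgroup avoids that.
        problems.append("g does not generate the prime-order subgroup")
    return problems


def _der_len(n: int) -> bytes:
    if n < 128:
        return bytes([n])
    nbytes = (n.bit_length() + 7) // 8
    return bytes([0x80 | nbytes]) + n.to_bytes(nbytes, "big")


def _der_int(v: int) -> bytes:
    body = v.to_bytes((v.bit_length() + 8) // 8, "big")  # spare byte keeps sign bit clear
    return b"\x02" + _der_len(len(body)) + body


def to_pem(params: DHParams) -> str:
    """PKCS#3 DHParameter ::= SEQUENCE { prime INTEGER, base INTEGER }, PEM-wrapped."""
    content = _der_int(params.p) + _der_int(params.g)
    der = b"\x30" + _der_len(len(content)) + content
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN DH PARAMETERS-----\n" + "\n".join(lines) + "\n-----END DH PARAMETERS-----\n"


def install_params(params: DHParams, path: str) -> None:
    """Validate, then write to a temp file and rename over `path`: a server
    reloading the file never sees a partial one, which a periodic roll-over needs."""
    problems = check_params(params)
    if problems:
        raise ValueError("refusing to install DH parameters: " + "; ".join(problems))
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".", prefix=".dhparams-")
    with os.fdopen(fd, "w") as fh:
        fh.write(to_pem(params))
        fh.flush()
        os.fsync(fh.fileno())
    os.replace(tmp, path)


if __name__ == "__main__":
    new_params = generate_params(64)     # toy size; real deployments use >= 2048 bits
    install_params(new_params, "dhparams.pem")   # assumed output path
    print(to_pem(new_params), end="")
```

The validation step is deliberately separate from generation so it can also be run over parameters received from elsewhere (an operator-supplied file, or the previous set before a roll-over), and `install_params` refuses to replace a good file with a bad one.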