[exim-dev] [Bug 2822] DHE ciphers missing, under GnuTLS

Author: admin
Date:  
To: exim-dev
Old-Topics: [exim-dev] [Bug 2822] New: Issues with DHE ciphers - problems with GnuTLS implementation?
Subject: [exim-dev] [Bug 2822] DHE ciphers missing, under GnuTLS
https://bugs.exim.org/show_bug.cgi?id=2822

Jeremy Harris <jgh146exb@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           See Also|                            |http://bugs.debian.org/968145


--- Comment #5 from Jeremy Harris <jgh146exb@???> ---
(In reply to Ferry from comment #4)
> According to the responses there either:
> gnutls_certificate_set_dh_params or gnutls_certificate_set_known_dh_params
> should be called.


For both of those the GnuTLS docs say
"This function is unnecessary and discouraged on GnuTLS 3.6.0 or
       later. Since 3.6.0, DH parameters are negotiated following
       RFC7919."


We're doing what those docs say. If they are *wrong* then it's a bug
in GnuTLS, or in the GnuTLS docs. We'd like to know, but I see no project
acknowledgement of the issue in the Gitlab page you reference, or action.

> If someone would set tls_dhparam [...] or the
> option should be removed.


If we did that someone would raise it as a bug. We can't win.
We do document that it is ignored, in the main-section options chapter.
