[exim-dev] [Bug 2822] DHE ciphers missing, under GnuTLS

Page principale
Supprimer ce message
Répondre à ce message
Auteur: admin
Date:  
À: exim-dev
Anciens-sujets: [exim-dev] [Bug 2822] New: Issues with DHE ciphers - problems with GnuTLS implementation?
Sujet: [exim-dev] [Bug 2822] DHE ciphers missing, under GnuTLS
https://bugs.exim.org/show_bug.cgi?id=2822

Jeremy Harris <jgh146exb@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           See Also|                            |http://bugs.debian.org/9681
                   |                            |45


--- Comment #5 from Jeremy Harris <jgh146exb@???> ---
(In reply to Ferry from comment #4)
> According to the responses there either:
> gnutls_certificate_set_dh_params or gnutls_certificate_set_known_dh_params
> should be called.


For both of those the GnuTLS docs say
"This function is unnecessary and discouraged on GnuTLS 3.6.0 or
       later. Since 3.6.0, DH parameters are negotiated following
       RFC7919."


We're doing what those docs say. It they are *wrong* then it's a bug
in GnuTLS, or in the GnuTLS docs. We'd like to know, but I see no project
acknowlegement of the issue in the Gitlab page you reference, or action.

> If someone would set tls_dhparam [...] or the
> option should be removed.


If we did that someone would raise it as a bug. We can't win.
We do document that is is ignored, in the main-section options chapter.

--
You are receiving this mail because:
You are on the CC list for the bug.