[gnutls-dev] Feature request: not really random session keys

Florian Weimer fw at deneb.enyo.de
Mon Jan 30 17:00:13 CET 2006

* Nikos Mavrogiannopoulos:

> Hmmm then it's a problem... the process shouldn't check if it is
> outdated or not (or could check but in that case disable the
> corresponding ciphersuites, instead of generating the key).

I don't think RSA_EXPORT is terribly important anyway. 8->

> The easier way to fix that is to generate the RSA key and the DH
> parameters by other means --say certtool running on the bg once per
> day or something like that.

The params file seems to be in some kind of proprietary file format,
so this is not as easy as it sounds.  But we will likely do something
like this when it's been decided that we cannot scrap RSA_EXPORT

More information about the Gnutls-devel mailing list