[gnutls-devel] weak dh issue

Kurt Roeckx kurt at roeckx.be
Wed May 20 19:11:18 CEST 2015


On Wed, May 20, 2015 at 05:10:20PM +0200, Nikos Mavrogiannopoulos wrote:
> According to https://weakdh.org/ there is a new attack which relies on
> clients accepting weak DHE parameters. GnuTLS is unaffected by this
> attack, and it seems like a good choice that we always imposed higher
> standards for parameters than other implementations despite the many
> bug reports [0] in the past.

But you should consider changing the minimum to 1024 instead of
the current 768.


Kurt




More information about the Gnutls-devel mailing list