[gnutls-devel] GnuTLS | DH RFC7919 negotiation not enabled automatically (#1077)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Sat Aug 29 18:01:41 CEST 2020




Andreas Metzler commented:


On 2020-08-29 Daiki Ueno @dueno commented:
> I'd say this is purely a documentation issue, given:
> - `gnutls_certificate_set_known_dh_params` is deprecated as well
> - there is no way for the server to determine which FFDHE params they should use without hint from external (either by `gnutls_certificate_set_known_dh_params` or the "supported_groups" extension sent by the client)

Hello,

do you think it is preferable to not offer TLS1.2 DHE cipher suites than doing something equal to gnutls_certificate_set_known_dh_params() by default? If so, why? Could you perhaps try to explain this a little bit? - TIA
(The reasons given above afaict do not answer this question but sidestep it.)

cu Andreas

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1077#note_404197315

